Yes you need v2.6.0 to use the GSB check. We are planning to release it later this week as production ready.
As for the uri checks, I gave an example rule checking ARGS with @gsbLookup here -
On May 15, 2011, at 3:26 AM, Phoenix Kiula <phoenix.kiula@...> wrote:
> Hi all,
> New to this list and hope to get some guidance.
> I currently run mod_security 2.5.13 with Apache 2 on a usual 64-bit
> Cpanel/WHM setup.
> My web-based service allows visitors to store some data, one element
> of which is URLs. I've discovered that a lot of my users are
> submitting URLs that are included in the Google Safe Browsing list.
> I already have some RBL checking with this rule:
> SecRule REQUEST_URI "^/site/(snip|index|manage|getsnip)$"
> "log,deny,chain,msg:'LOCAL spammer at rbl sbl-xbl.spamhaus.org'"
> SecRule REMOTE_ADDR "@rbl sbl-xbl.spamhaus.org"
> This works fine, but RBLs don't always have malware stuff in time.
> Google SafeBrowing list is much sharper with this stuff! Also, I think
> the above rule only checked for the "REMOTE_ADDR" of the visitor, but
> doesn't check all form POSTs and GETs.
> My questions:
> (1) For the RBL checking, how can I craft a rule that will cover
> REMOTE_ADDR but also "REQUEST_URI"s and form submissions(POST or GET)
> -- I want to check ANY web links(URI) to be checked against an RBL.
> (2) For the Google Safe Browsing, is it possible in any way through
> 2.5.13? -- Or do I absolutely need version 2.6 for that? If I need
> 2.6, then is it ready to be installed in a production, high traffic
> server already? I see it is a release candidate.
> Thanks so much for any advice!!
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - inlcuding clusters.
> mod-security-users mailing list
> ModSecurity Services from Trustwave's SpiderLabs:
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.