Re: [mod-security-users] Ideas for future features..
From: Zach R. <ad...@li...> - 2006-02-25 21:59:47

Ivan Ristic wrote:

>Zach Roberts wrote:
>
>>I apologize for being absent for most of the discussion. My schedule has
>>been quite full lately.
>>
>>I have been using a forked mod_access_rbl for about a year now. While I
>>don't use it to scan every request that comes in I do use it to control
>>access to two or three files that are accessed quite a bit. For these
>>three files I am using seven different blacklists and I've noticed no
>>drop in performance.
>>
>
> Without a local cache?
>

Just a local DNS cache.

>> As a matter of fact, ModSecurity 1.8.x-dev was able to interface
>> with external spam checkers. I announced it on the list (I think)
>> but since no one used it I removed it prior to 1.9 final.
>>
>>I believe this sort of checking needs to be internal. Accessing an
>>external Perl script for example would be far too resource intensive if
>>it were used to scan a very large number of incoming connections.
>>
>
> Forking to execute a Perl script might not be feasible, but
> talking to an already-running daemon may be better. I'd really
> hate to see ModSecurity integrate a spam checker :)
>

I would hate to see the spam checker daemon die for some reason and then Apache serve broken pages. Perhaps backreferences and RBL lookups built internally for the sake of the system administrators? ;)

>>I can see you guys have a good handle on the situation. The future
>>features of 2.0.0 look very promising with functionality similar to
>>mod_evasive.
>>
>
> BTW, even now you can have protection better than with mod_evasive
> using httpd-guardian (http://www.apachesecurity.net/tools/). And,
> in terms of performance, probably faster than what will be available
> in ModSecurity v2.0.
>

I'll look at it. It might prove useful.

>>If the functionality works with Frontpage too (mod_evasive
>>does not) it will be all that much better.
>>
>
> That's interesting. What is the problem with FrontPage?
>

It interferes with publishing content via port 80. Nothing critical in my eyes since it gave me a good excuse to get rid of the Frontpage extensions completely. ;)

Zach
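
The RBL check discussed in this thread, sketched as an added example (not code from the message, mod_access_rbl or ModSecurity): an IPv4 DNSBL lookup across several lists with a local result cache, which fails open when a lookup errors so a dead resolver does not break page serving. The zone names, class name and resolver contract are assumptions made for illustration.

```python
import ipaddress
import socket
import time

def query_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(name):
    """Return A records for name, [] if the name does not exist (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as e:
        if e.errno == socket.EAI_NONAME:
            return []
        raise  # timeout or server failure: the caller decides what to do

class RblChecker:
    def __init__(self, resolve, zones, ttl=300, clock=time.monotonic):
        self.resolve, self.zones, self.ttl, self.clock = resolve, zones, ttl, clock
        self.cache = {}  # ip -> (expiry time, list of zones that list the ip)

    def listed_in(self, ip):
        now = self.clock()
        hit = self.cache.get(ip)
        if hit and hit[0] > now:
            return hit[1]
        listed, failed = [], False
        for zone in self.zones:
            try:
                if self.resolve(query_name(ip, zone)):
                    listed.append(zone)
            except OSError:
                failed = True  # fail open: an unreachable list never blocks
        if not failed:
            # Cache only complete answers, so an outage is not remembered as "clean".
            self.cache[ip] = (now + self.ttl, listed)
        return listed

if __name__ == "__main__":
    # Constructed resolver standing in for real DNS; zones are placeholders.
    def fake(name):
        return ["127.0.0.2"] if name == "2.2.0.192.rbl-a.example" else []
    checker = RblChecker(fake, ["rbl-a.example", "rbl-b.example"])
    print(checker.listed_in("192.0.2.2"), checker.listed_in("192.0.2.3"))
```

Passing `system_resolve` as the resolver uses the host's DNS configuration, so a local caching resolver absorbs repeat queries in addition to the in-process cache.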