Re: [mod-security-users] RBL queries: filtering possible?
From: Ryan B. <Ryan.Barnett@Breach.com> - 2007-04-24 12:46:25
Interesting... I see the resource/time advantage of being able to just do one @rbl looking to multi.surbl.org and it will then query the other list. As for inspecting the bitmask portion, does it really matter which list it was on? Normally, if the IP address is listed on any of the individual lists, people would want to deny access. The @rbl operator will just return true or false whether the IP was listed or not.

Is there something specific that you are looking to do depending on which list had the client IP address listed?

--
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
Author: Preventing Web Attacks with Apache

--------------
Web Security Threat Report Webinar on May 9, 2007 (12 pm EST)
Learn More About the Breach Webinar Series: http://www.breach.com/webinars.asp
--------------

> -----Original Message-----
> From: mod...@li... [mailto:mod-sec...@li...] On Behalf Of Michael Renzmann
> Sent: Tuesday, April 24, 2007 8:32 AM
> To: mod...@li...
> Subject: [mod-security-users] RBL queries: filtering possible?
>
> Hi all.
>
> Some IP blacklists have special zones that combine some (or all) of their
> other zones in a single, bitmasked list. The advantage is that one can
> check with a single query (and by applying a bitmask to the result)
> whether an IP is listed in more than one zone.
>
> See http://www.surbl.org/lists.html#multi for more details.
>
> I wonder if mod-security supports such bit-masked lookups already, or if
> that could be implemented in a future version.
>
> Bye, Mike
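
The bitmask check discussed in this thread, as an added example that is not part of either message and is not ModSecurity code: it builds the query name for a combined zone and decodes the returned A record into the sub-lists that matched. The zone name `multi.example.org`, the bit-to-list mapping and the function names are constructed for illustration; real bit assignments come from the blocklist operator's documentation.

```python
import ipaddress

# Constructed bit-to-list mapping for illustration only; take the real
# assignments from the blocklist operator's documentation.
EXAMPLE_BITS = {2: "list-a", 4: "list-b", 8: "list-c", 16: "list-d"}


def build_query_name(client_ip, zone):
    """Return the DNSBL query name: reversed IPv4 octets prepended to the zone."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone.strip('.')}"


def decode_answer(answer, bit_names):
    """Decode the A record returned by a combined (bitmasked) zone.

    answer is the returned address as a string, or None for NXDOMAIN.
    Returns the sorted names of the sub-lists whose bit is set.
    """
    if answer is None:
        return []  # NXDOMAIN: not listed on any sub-list
    addr = ipaddress.IPv4Address(answer)
    # DNSBL answers live in 127.0.0.0/8; anything else (for example a
    # resolver that rewrites NXDOMAIN to a search page) is not a listing.
    if addr not in ipaddress.IPv4Network("127.0.0.0/8"):
        raise ValueError(f"unexpected DNSBL answer {answer}")
    mask = int(addr) & 0xFF  # the last octet carries the bitmask
    return sorted(name for bit, name in bit_names.items() if mask & bit)


def should_block(answer, bit_names, wanted):
    """True if the address is on any sub-list the local policy cares about."""
    return bool(set(decode_answer(answer, bit_names)) & set(wanted))
```

A true/false operator corresponds to `bool(decode_answer(...))`; `should_block` is the per-list filtering the original question asks about.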