Re: [Httpbl-beta] Getting help

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Anders,
   We are pleased that you have decided to help us test mod_httpbl.

   I believe your module is working well.  Your top 3 diagnostics tests look
good and those are the only tests which are coded into the module right now.

   You want to remove the line "HTTPBLRBLReqHandler 255:0-255:0-255:0 allow"
from your configurations if you want to filter out any IPs.  This line
explicitly allows all IPs access to any page in this directory before any
other checks are done.

"HTTPBLRBLReqHandler 255:0-255:0-255:0 allow" sets permissions for any
visitor's IP to visit any page in this directory block (of XML).
Setting this as the first HTTPBLRBLReqHandler causes all requests to be
_allowed_ (which is not what you want if you want to filter known threat IPs
from accessing these pages).
Setting this as the last HTTPBLRBLReqHandler causes all requests to default
(fall back) to _allowed_ (which would be the same thing
as"HTTPBLDefaultAction allow").
All HTTPBLRBLReqHandler are tested top-to-bottom from most specific (files
and directories) to more general (Virtual Hosts and Servers) scope.

Am I correct in assuming you copy-pasted your HTTPBLRBLReqHandler from
somewhere?  Could you tell me where you got your initial configuration lines
from?
I think I should rewrite something to explain the definition of this line
more clear to new users.

Hope this helps.

Regards,
Dave

On 5/30/07, A. Runeson <ar...@et...> wrote:
>
> Hello
> Ive got troubles with getting the mod_httbl working and don't really
> know where to get help, if I'm of then please point me in the right
> direction.
>
>
> I got the module to compile and installed.
> In my apache-vhost-conf I have:
>
>          <IfModule mod_httpbl.c>
>             HTTPBLRBLEnabled    On
>             HTTPBLLogDir            /var/log/apache2/httpbl/
>             HTTPBLTestingURL        /httpbl_diagnostics/
>             HTTPBLDefaultAction     allow
>             HTTPBLAccessKey         theoneIgotfromprojecthoneypot
>             HTTPBLReposDir          /tmp/
>          </IfModule>
>
> and then
>          <Directory /mnt/webserver/www/htdocs/gallery>
>                  AllowOverride FileInfo Options
>                  HTTPBLRBLEnabled On
>                  HTTPBLDefaultAction allow
>                  HTTPBLDefaultAction     allow
>                  HTTPBLRBLReqHandler 255:0-255:0-255:0 allow
>                  HTTPBLRBLReqHandler 255:0-100:0-255:255 deny
>          </Directory>
>
> I got the diagnostics testing to show up in apache.
> [ + ]   Write to the log directory (/var/log/apache2/httpbl/)
> [ + ]   Write to the repos directory (/tmp/)
> [ + ]   Resolve and reach the RBL domain (www.projecthoneypot.org)
> [ * ]   Authenticate with the Project Honey Pot RBL (*.dave.httpbl.org)
> [ * ]   Submit 404 data to the server
> (http://192.168.3.100:11000/record_404.php)
> [ * ]   Submit POST data to the server
> (http://192.168.3.100:11000/record_post.php)
> [ * ]   Query for honeypots (http://hpr1.projecthoneypot.org/cgi/serve.php
> )
>
> Seems to me like all is well.
>
> The problem is that I still get gallery spam commenters, for example
> today from ip 163.178.90.130 and when checking this ip in project
> honeypot its tagged as evil.
>
> Should I try debugmode in the apache module? Or have I done something
> obviously wrong?
> My apache server tag is
> Apache/2.0.55 (Ubuntu) DAV/2 SVN/1.3.1 PHP/5.1.2 mod_ssl/2.0.55
> OpenSSL/0.9.8a
>
> The log-dir is empty except for an empty httpbl_diagnostics_test.txt
>
> Regards
> Anders Runeson
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>