Yes, @ipmatch is slower than @pm. we are working on @ipmatchf operator that will implement a new algorithm and should be faster.

It is scheduled for v2.7

thanks

Breno

On Thu, Sep 29, 2011 at 10:54 AM, Brian Kroth <bpkroth@gmail.com> wrote:
I've read/found that @ipMatch is a lot slower than something like @pmFromFile.  Not to mention it's easier to read for large lists.  Is that something that can be or already has been improved?

Thanks,
Brian

Ryan Barnett <ryan.barnett@owasp.org> 2011-09-28 13:53:

Oops forget to remove the trailing $...

SecRule REMOTE_ADDR "!@ipMatch 123.456.789.12"

One of the advantages is that you don't have to mess with escaping regex meta-chars.

Ryan

On Sep 28, 2011, at 1:45 PM, Ryan Barnett <RBarnett@trustwave.com> wrote:

Even better is to use the @ipMatch operator -
http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#ipMatch

SecRule REMOTE_ADDR "!@ipMatch 123.456.789.12$"

Ryan

On Sep 28, 2011, at 1:31 PM, Peter BARABAS <peter.barabas@gmail.com> wrote:

Hello,


Just a tip: use IP addresses without zero padding. Your rule:

SecRule REMOTE_ADDR "!^123\.456\.789\.012$"
<snip/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk6ElKYACgkQdtkBin+QuSAyBACgil+kHWstADs37xDrkBcFrcNH
0uAAniO5zsoao1FOvjKkMsnoYapXLQUT
=qpxJ
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/