Re: [mod-security-users] Using ModSecurity and RBLs
From: Christian B. <ch...@jw...> - 2010-11-16 09:16:35
Hi Christian!

On 16.11.2010 at 07:48, <chr...@po...> <chr...@po...> wrote:

> That looks like a welcome feature. I have not worked with RBL so far, but I imagine I might
> in the future. What is not so nice is the syntax for blocking/unblocking. I take it you want
> to communicate additional information to the RBL Server without changing ModSec.
> Is there not an alternative - possibly one with patching ModSec?

You're referring to using 'block-60.rbl.localnet' and 'unlock.rbl.localnet', right? I do agree that this is a bit ugly. The problem here is that all of this is carried out using simple DNS lookup queries. That's simply the way RBL works.

It might be an option to implement the same functionality by patching ModSecurity and using a more sophisticated database than a DNS server, e.g. integrating memcache into ModSec would be a great idea, in my view.

I can also extend the jwall-rbld to receive more commands with special communication, so that ModSecurity can communicate with it in a better way. However, this will greatly move beyond pure RBL communication.

With the current state, the jwall-rbld can be used with standard techniques, e.g. by creating a local DNS cache on your ModSecurity machine and no other alteration of the software. That was my primary goal behind it.

But I am willing to extend this if anyone requests that feature :-)

Regards,
Chris
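
An added example (not part of the original message, and not jwall-rbld or ModSecurity code) of how a block or unlock command can ride inside an ordinary RBL lookup name, and how a receiver can decode it strictly. It assumes the usual DNSBL encoding of reversed IPv4 octets in front of the zone and treats the number in `block-60` as a parameter passed through as-is; the function names are hypothetical.

```python
import ipaddress
import re

ZONE = "rbl.localnet"  # zone name as written in the message
_COMMAND = re.compile(r"block-(\d+)|unlock")  # the two labels the message names


def query_name(client_ip, command=None, zone=ZONE):
    """Client side: build the lookup name for an IPv4 address.

    Assumed DNSBL convention: reversed octets, then the zone. A command
    label such as 'block-60' becomes the first label of the zone.
    """
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    suffix = f"{command}.{zone}" if command else zone
    return ".".join(reversed(octets)) + "." + suffix


def parse_query(name, zone=ZONE):
    """Server side: decode a lookup name into (ip, action, parameter).

    Raises ValueError for anything that is not a plain check or one of
    the known command labels, since any host that can send a query can
    put arbitrary labels in it.
    """
    name = name.rstrip(".").lower()
    if not name.endswith("." + zone):
        raise ValueError("query is outside the RBL zone")
    labels = name[: -len(zone) - 1].split(".")
    action, param = "check", None
    if len(labels) == 5:
        match = _COMMAND.fullmatch(labels.pop())
        if match is None:
            raise ValueError("unknown command label")
        action = "block" if match.group(1) is not None else "unlock"
        param = int(match.group(1)) if action == "block" else None
    if len(labels) != 4:
        raise ValueError("expected four reversed IPv4 octets")
    return str(ipaddress.IPv4Address(".".join(reversed(labels)))), action, param


if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 is a documentation address.
    for cmd in (None, "block-60", "unlock"):
        name = query_name("192.0.2.10", cmd)
        print(name, "->", parse_query(name))
```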