Re: [mod-security-users] @pmFromFile IP range question
From: Ryan B. <RBa...@tr...> - 2011-05-18 18:16:39
We added the @ipMatch operator to v2.6.0 to more accurately handle IP address/range/netmask evaluation:
http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#ipMatch

While this is certainly an improvement (vs. using regex), I agree with your point that we still need a mechanism that combines both @ipMatch and @pmf so that you can list a large number of addresses. I have created a Jira ticket for this new feature:
https://www.modsecurity.org/tracker/browse/MODSEC-244

Another related issue is that external files (called up from, say, @pmf) are loaded into memory at startup. This is done for performance reasons; however, you highlight its downside. We will look to add a mechanism so that ModSecurity can check for updated external files and then re-read that data into memory.

In the meantime, I would suggest that you possibly look at leveraging your own DNS RBL and even a "Real-time White List" where you can add in IP addresses that you want to either whitelist or blacklist. With this setup, you could then use the @rbl checks to dynamically check the IP addresses.

-Ryan

On 5/18/11 1:35 PM, "Phoenix Kiula" <pho...@gm...> wrote:

>> Yes, IIRC the patterns of that file are merged into a prefix-tree to speed up
>> the lookup. This should be done at Apache startup time.
>
> Thanks. But in this case, I am a bit disappointed, because every time
> we add to a file, we need to restart Apache? If we were using this
> for, say, a blacklist file -- how do we make sure that we keep adding
> to the blacklist without restarting Apache every time?
>
> Thanks for any pointers!
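The three operators Ryan contrasts, side by side in one ModSecurity 2.6-style configuration. This is an added example written for this page, not a snippet from the thread or from the ModSecurity project's own rule files; the rule ids, the file path and the RBL zone names are placeholders, and the addresses are RFC 5737 documentation ranges.

```apache
# Added example, not from the thread. Rule ids, the list path and the RBL
# zone names are placeholders; addresses are RFC 5737 documentation ranges.

# 1) @ipMatch (ModSecurity 2.6.0+): real address/CIDR evaluation, so an entry
#    for 198.51.100.17 does not also match 198.51.100.170 the way a substring
#    match or a loosely written regex would. The list is parsed once at
#    configuration load, so it suits a short, stable set of ranges.
SecRule REMOTE_ADDR "@ipMatch 192.0.2.0/24,198.51.100.17,203.0.113.0/25" \
    "id:900001,phase:1,deny,status:403,log,msg:'Blocked by static IP list'"

# 2) @pmFromFile: scales to thousands of entries, but it is a substring
#    matcher with no notion of an address boundary, and the file is read into
#    memory when Apache starts, so additions need a restart to take effect
#    (the two limitations discussed in the thread). Until @ipMatch and @pmf
#    are combined (MODSEC-244), review a large file for entries that are
#    prefixes of other addresses.
SecRule REMOTE_ADDR "@pmFromFile /etc/modsecurity/blocked-ips.txt" \
    "id:900002,phase:1,deny,status:403,log,msg:'Blocked by pmf list'"

# 3) @rbl: one DNS query per request against a zone you control, so an
#    address added to (or removed from) the zone is honoured on the next
#    request with no restart. The whitelist zone is consulted first; a hit
#    disables the blacklist rule for this request.
SecRule REMOTE_ADDR "@rbl whitelist.rbl.example.net" \
    "id:900003,phase:1,pass,nolog,ctl:ruleRemoveById=900004"
SecRule REMOTE_ADDR "@rbl blacklist.rbl.example.net" \
    "id:900004,phase:1,deny,status:403,log,msg:'Listed in private RBL'"
```

Because @rbl puts a DNS lookup in the request path, resolver latency and availability become part of your request latency and of your failure mode (an unreachable zone simply yields no match, so the blacklist silently stops blocking). Serve the zone from a resolver on or next to the web host, and alert on lookup failures rather than assuming a quiet RBL means a clean client.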