Re: [mod-security-users] Ideas for future features..
From: Michael S. <mi...@go...> - 2006-02-24 18:46:24
On Fri, 2006-02-24 at 15:53 +0000, Ivan Ristic wrote:
> Michael Shinn wrote:
> >
> > attackers, owned boxes, etc.). This will use a modified mod_access,
> > which will allow for real time lookups of the IPs. rsync access will
> > also be available to the zones for secondaries, and sites that wish to
> > use the IPs for firewalling purposes.
>
> How long do the lookups take to complete when the information
> is cached in a local DNS?

Good question, I'll have to generate some official stats to quantify the performance, but I've been running a modified mod_access doing lookups against the spamhaus.org RBL for about a year and I've never noticed a measurable change in performance as a user. In short, a local DNS (in my case bind) seems to do a good job of caching the lookups, in the same manner that a local DNS seems to do a good enough job with SMTP RBLs.

Based on this anecdotal experience, I don't think that an internal cache would be necessary for mod_security to support RBL lookups. It may not even be optimal in some cases, as TTLs may require one lookup to be retried in 1 minute, another in 3600, etc., further complicating the code in mod_security to age these out differently. But, I definitely could see some users not being aware of the need to set up a local DNS and experiencing a significant performance problem and then perceiving that as a mod_security issue.

Regardless, a local DNS in my experience does seem to do an adequate job, so my vote would be to add the RBL lookup capability to mod_security minus the cache for the initial testing release, and if the performance seems suboptimal with a local DNS, then add in a cache for the next phase of testing.

-- 
Michael T. Shinn
KeyID: 0xDAE2EC86
Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
Got Root? http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls: http://troubleshootingfirewalls.com
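Added example, not code from Michael's post, from mod_access or from mod_security: it shows the mechanics the thread is discussing, namely building a DNSBL/RBL query name from the reversed client octets and interpreting the 127.0.0.x A-record answer, and it adds the per-entry TTL cache that Michael's message argues is awkward, so that the "one entry expires in 60 s, another in 3600 s" problem is visible in code. The zone name `rbl.example.test`, the listing codes, the `NEGATIVE_TTL` value and the zone table are all constructed, and the resolver is injected so that everything runs offline; a real deployment would hand the query name to the system resolver (the local caching DNS the thread recommends) instead.

```python
"""RBL lookup with reversed-octet query names and a per-entry TTL cache.
Added illustration, not mod_security/mod_access code; zone data is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class RblAnswer:
    listed: bool            # True if the zone returned any A record for the name
    codes: Tuple[str, ...]  # A-record values, e.g. ("127.0.0.2",); meaning is zone-defined
    ttl: int                # seconds this (positive or negative) answer may be cached


def rbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: octets reversed, then the zone.
    192.0.2.10 in rbl.example.test -> 10.2.0.192.rbl.example.test."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on a malformed address
    return ".".join(reversed(octets)) + "." + zone.strip(".") + "."


class TtlCache:
    """Cache keyed by query name. Every entry carries its own expiry, so one
    entry ages out after 60 s while another survives for 3600 s; this is the
    per-entry bookkeeping the thread says a local DNS already does for you."""

    def __init__(self, clock: Callable[[], float]):
        self._clock = clock
        self._entries: Dict[str, Tuple[float, RblAnswer]] = {}

    def get(self, name: str) -> Optional[RblAnswer]:
        hit = self._entries.get(name)
        if hit is None:
            return None
        expires, answer = hit
        if self._clock() >= expires:
            del self._entries[name]  # expired: treat as a miss and re-query
            return None
        return answer

    def put(self, name: str, answer: RblAnswer) -> None:
        self._entries[name] = (self._clock() + answer.ttl, answer)


def check_ip(ip: str, zone: str, resolver: Callable[[str], RblAnswer],
             cache: Optional[TtlCache] = None) -> RblAnswer:
    """Look an address up in a zone, consulting the optional cache first."""
    name = rbl_query_name(ip, zone)
    if cache is not None:
        hit = cache.get(name)
        if hit is not None:
            return hit
    answer = resolver(name)
    if cache is not None:
        cache.put(name, answer)
    return answer


# Constructed zone data: query name -> (A records, TTL). 127.0.0.2 is the
# conventional DNSBL self-test address; the other entries are made up.
CONSTRUCTED_ZONE = {
    "2.0.0.127.rbl.example.test.": (("127.0.0.2",), 60),
    "10.2.0.192.rbl.example.test.": (("127.0.0.2", "127.0.0.4"), 3600),
}
NEGATIVE_TTL = 300  # assumed SOA minimum used for NXDOMAIN (not listed) answers


def make_constructed_resolver(zone_table):
    """Return (resolver, stats). stats["queries"] counts backend lookups so the
    effect of the cache is observable without any network access."""
    stats = {"queries": 0}

    def resolver(name: str) -> RblAnswer:
        stats["queries"] += 1
        rec = zone_table.get(name)
        if rec is None:
            return RblAnswer(False, (), NEGATIVE_TTL)
        return RblAnswer(True, rec[0], rec[1])

    return resolver, stats


def demo():
    """Walk through miss, hit, expiry and a not-listed address with a fake clock."""
    now = [0.0]
    resolver, stats = make_constructed_resolver(CONSTRUCTED_ZONE)
    cache = TtlCache(clock=lambda: now[0])
    a1 = check_ip("127.0.0.2", "rbl.example.test", resolver, cache)   # miss, query 1
    check_ip("127.0.0.2", "rbl.example.test", resolver, cache)        # hit, no query
    now[0] = 61.0                                                     # past the 60 s TTL
    check_ip("127.0.0.2", "rbl.example.test", resolver, cache)        # expired, query 2
    b1 = check_ip("192.0.2.10", "rbl.example.test", resolver, cache)  # query 3
    c1 = check_ip("198.51.100.7", "rbl.example.test", resolver, cache)  # not listed, query 4
    return a1.listed, b1.codes, c1.listed, stats["queries"]


if __name__ == "__main__":
    print(demo())
```

The deny decision itself is just `if check_ip(...).listed: reject`; what the example makes concrete is that a correct in-process cache must honour each answer's own TTL, including a separate negative TTL for "not listed" answers, which is exactly the aging logic Michael suggests leaving to the local resolver for a first release.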