Re: [mod-security-users] RBL support available in 2.0.0-dev1

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ivan Ristic wrote:
> ModSecurity 2.0.0-dev1 is out and it includes support for RBL
> operation. Example (it's documented in the manual too):
>
> SecFilterSelective REMOTE_ADDR "@rblCheck sbl-xbl.spamhaus.org"
>
> Regex backreferences will be supported in 2.0.0-dev2 (they
> are supported already in the CVS BTW). Caching is not supported
> at the moment. I do plan to support it in 2.0.0-dev2.
>   
FYI about caching...

I am just going through an issue with the lack of *NEGATIVE TTL* caching
(DNS NCACHE support) within  djbdns's  dnscache. It really hits the
performance of SpamAssassin from far-away countries (from the RBL
servers) like mine (New Zealand).

Be aware that you probably want to cache both *successful* and
*unsuccessful* lookups as you cannot rely on the DNS server your OS is
using to do it for you. The negative caching especially is important, as
realistically, 99.9% of the IPs that connect to a Web server won't be in
any RBL.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1