Re: [mod-security-users] RBL support available in 2.0.0-dev1
From: Tom A. <tan...@oa...> - 2006-03-10 14:25:50
Jason Haar wrote:
> FYI about caching...
>
> I am just going through an issue with the lack of *NEGATIVE TTL* caching
> (DNS NCACHE support) within djbdns's dnscache. It really hits the
> performance of SpamAssassin from far-away countries (from the RBL
> servers) like mine (New Zealand).
>
> Be aware that you probably want to cache both *successful* and
> *unsuccessful* lookups as you cannot rely on the DNS server your OS is
> using to do it for you. The negative caching especially is important, as
> realistically, 99.9% of the IPs that connect to a Web server won't be in
> any RBL.

I hope that such a cache would also allow local blacklisting of non-RBL'd
addresses so that prior failures of other rules could trigger (through a
"blacklist" action) the rejection of all requests from that address
without having to run the full gamut of rules on each subsequent hit.

Tom
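
A sketch of the cache discussed in this message, added here as an example (it is not ModSecurity code and not written by either poster): RBL verdicts are cached with separate positive and negative TTLs, and a local blacklist is checked before any DNS lookup. The `RblCache` class, its TTL defaults, the injected resolver and the `rbl.example` zone are all assumptions made for illustration.

```python
import time

class RblCache:
    """Caches DNSBL verdicts, negative answers included, plus local bans."""

    def __init__(self, resolver, zone, pos_ttl=3600, neg_ttl=900,
                 clock=time.monotonic):
        self.resolver = resolver      # callable(name) -> True if the name resolves
        self.zone = zone
        self.pos_ttl, self.neg_ttl = pos_ttl, neg_ttl   # assumed TTLs, in seconds
        self.clock = clock
        self.verdicts = {}            # ip -> (listed, expires_at)
        self.local = {}               # ip -> expires_at, set by a rule action
        self.lookups = 0              # DNS queries actually sent

    @staticmethod
    def query_name(ip, zone):
        # DNSBL convention for IPv4: reversed octets prepended to the zone.
        return ".".join(reversed(ip.split("."))) + "." + zone

    def blacklist(self, ip, ttl):
        """Local ban, e.g. triggered after another rule has matched."""
        self.local[ip] = self.clock() + ttl

    def is_blocked(self, ip):
        now = self.clock()
        if ip in self.local:
            if now < self.local[ip]:
                return True           # local ban wins, no DNS and no rule run
            del self.local[ip]
        cached = self.verdicts.get(ip)
        if cached and now < cached[1]:
            return cached[0]          # served from cache, positive or negative
        self.lookups += 1
        listed = bool(self.resolver(self.query_name(ip, self.zone)))
        ttl = self.pos_ttl if listed else self.neg_ttl
        self.verdicts[ip] = (listed, now + ttl)
        return listed

def demo():
    # Constructed data: 192.0.2.2 is "listed" in the made-up zone rbl.example.
    listed = {"2.2.0.192.rbl.example"}
    cache = RblCache(lambda name: name in listed, "rbl.example")
    hits = [cache.is_blocked("198.51.100.7") for _ in range(1000)]
    return any(hits), cache.is_blocked("192.0.2.2"), cache.lookups

if __name__ == "__main__":
    print(demo())
```

A production resolver would wrap a real DNS query and should treat timeouts differently from a "not listed" answer, which this sketch does not do.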