Re: [mod-security-users] Include rules file per Directory

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Wed, 2006-04-19 at 10:42 +0100, Ivan Ristic wrote:
> On 4/17/06, Justin Grindea <web...@sw...> wrote:
> > hi,
> >
> > I'm looking into using gotroot's blacklist.conf but would like to restrict
> > processing rules in this file only to specific scripts that need it, not load
> > it like any other rules file, since the load goes very high on a busy server.
> 
> You can do that, simply do something like:
> 
> <Location /xyz>
> Include conf/blacklist.conf
> </Location>
> 
> But using blacklist.conf is not a good idea (that's the one with many
> IP addresses in it?) 

blacklist.conf has all the spammer URLs in it.

> because ModSecurity needs to test for each IP
> address individially (and that's slow when you have thousands of IP
> addresses to check). From what I've heard Mike (GotRoot) will be
> maintaining a proper RBL to replace blacklist.conf (and ModSecurity
> 2.x already supports RBLs). The combination will be an order of
> magnitude faster.

Yep.  badips.conf has the IPs, and is no longer maintained as its now in
RBL form.  I just haven't published the root zone yet for outside
use.  :-)

I'll try to get it published this week.

> 
> --
> Ivan Ristic, Technical Director
> Thinking Stone, http://www.thinkingstone.com
> ModSecurity: Open source Web Application Firewall
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
-- 
Michael T. Shinn                                    KeyID:0xDAE2EC86
Key Fingerprint:  1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86

Got Root?  http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls:  http://troubleshootingfirewalls.com