[Fwd: Re: [Modsecurity] Rules for rulsets]

Chris H. fbsd at 1command.com
Sat Jun 24 00:40:29 EDT 2006


Quoting Michael Shinn:
> On Fri, 2006-06-23 at 22:21 -0400, Brian Rectanus wrote:
>> Hi Mike,
>>
>> Further along these lines, there are a few mistakes (poor
>> assumptions?) in the badips.conf that should be corrected.
>
> Thanks for the comment.  badips.conf is totally deprecated (and if I
> wasn't clear, it has been for some time).  I just haven't gotten around
> to removing it yet from the website, so folks, I will not be making any
> fixes to badips.conf.  There is a much better way: gotroot RBLs.
---------------8<---[snip]-8<--------
> Realtime RBL lookups not only scale better (I can publish millions of
> records if I want, and it won't kill your box!  Hurray!), but if you run
> a local caching DNS your performance will be faster than mod_security
> lookups against the current IPs file.  Also, this method allows for
> IPs to be added and removed, well, in real time.  So three good reasons
> to use RBLs only.  :-)
>
> I have a test RBL right now, if you want to try out the new way to do
> badips.conf, via RBL, let me know and I'll send you the details.  You
> have to promise though that you won't send your irate users to me to
> remove them - this is currently a test RBL without a web frontend to
> allow easy removals.  There may be mistakes, I might flip out and start
> blocking people with blue eyes.  Who knows, it could get ugly.  Then
> again, it might be amazing, and you simply won't be able to live without
> it.  Then again, it's no different than badips.conf at present (there's no
> automatic way to remove yourself from that list either).
>
> I'm pretty close to opening the RBL up completely,
I'm just about to launch a PRBL as well. We have a large server farm
and as DNS is our primary service, also given that we second for a
public email RBL, this just seemed a natural direction. I'm currently
preparing one of the boxes now. I will likely host it on internethell.NET
but possibly on ultimatedns.NET. I'm certainly not opposed to collaboration,
should this sound remotely interesting to you. Feel free to contact me
off the list.
> but I want to finish
> the web frontend so that users with infected machines can complain that
> their systems should be removed from the RBL or else they will sue me.
> (Happened already... and we laughed and laughed... ah... fix computer or
> threaten to spend thousands on lawyer to sue someone blocking you from
> connecting to their website... sue! sue!  Money grows on trees!  I have
> a right to use your computer for my own purposes!  How dare you deny me
> from using your stuff!)
>
> Yeah... so I gotta finish the web front end first.  :-)
>
> Anyway, the RBL is close to being done (I'm using it now), so if you
> want to do things the new way, let me know and I'll send you details
> about how to use it.  Or, just wait a little while and I'll open it to the
> whole universe.

--Chris

-- 
Michael T. Shinn                                    KeyID:0xDAE2EC86
Key Fingerprint:  1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
  Got Root?  http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls:  http://troubleshootingfirewalls.com


-- 
panic: kernel trap (ignored)



-----------------------------------------------------------------
FreeBSD 5.4-RELEASE-p12 (SMP - 900x2) Tue Mar 7 19:37:23 PST 2006
/////////////////////////////////////////////////////////////////
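
The RBL lookup discussed in this thread, sketched as an added example (not code from the thread or from gotroot): the client reverses the IPv4 octets, queries that name under the list's zone, and caches the verdict locally. The zone name, the injected resolver, the sample records and the fail-open choice on resolver errors are all assumptions made for illustration.

```python
import ipaddress
import time

ZONE = "rbl.example.invalid"   # placeholder zone (assumption), not the gotroot RBL
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

class NxDomain(Exception):
    """Resolver signal: the name does not exist, so the IP is not listed."""

def query_name(ip, zone=ZONE):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

class RblClient:
    def __init__(self, resolver, ttl=300, clock=time.monotonic):
        self.resolver, self.ttl, self.clock = resolver, ttl, clock
        self.cache = {}                       # name -> (expiry, listed)
        self.lookups = 0                      # queries that reached the resolver

    def is_listed(self, ip):
        name = query_name(ip)
        hit = self.cache.get(name)
        if hit and hit[0] > self.clock():
            return hit[1]                     # served from the local cache
        self.lookups += 1
        try:
            answers = self.resolver(name)
            # Only 127.0.0.0/8 answers count; other A records usually mean a
            # parked or wildcarded zone and must not block anyone.
            listed = any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)
        except NxDomain:
            listed = False
        except OSError:
            return False                      # resolver down: fail open, uncached
        self.cache[name] = (self.clock() + self.ttl, listed)
        return listed

# Constructed zone data standing in for a DNS server (documentation IPs).
SAMPLE_ZONE = {
    "4.2.0.192.rbl.example.invalid": ["127.0.0.2"],       # listed
    "7.100.51.198.rbl.example.invalid": ["203.0.113.9"],  # bogus answer
}
def sample_resolver(name):
    if name not in SAMPLE_ZONE:
        raise NxDomain(name)
    return SAMPLE_ZONE[name]

def failing_resolver(name):
    raise OSError("constructed timeout")
```

Negative answers are cached as well, so the many unlisted clients do not each cost a DNS round trip on every request.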
