Hi,

I'm coding a module to somehow replace/complement mod_security (it's
more a proof of concept than a real project for now). The first thing
that I'd like to have is a DNSBL, so that detected intruders are
instantly banned when added to the blacklist. Because doing a DNS query
for each HTTP request might be a bit heavy, I'd like to keep the results
in cache.

I guess that if I create something from the config pool, it will be
duplicated between processes. But another security feature I want is to
check URLs against regexps commonly used by botnets/script kiddies. Then,
if an IP is blacklisted, I want its state to be changed instantly in all
caches, which is not possible if the data is duplicated. Would there be a
simple way to achieve this? Or would it be more clever to move to
another solution, like using a common redis datastore for
blacklist/whitelist/rules lookup?

Thanks,
Rémy
- Shared memory ? Rémy Sanchez