On Mon, Nov 15, 2010 at 17:12, Rémy Sanchez <remy.sanc...@hyperthese.net> wrote:
> I'm coding a module to somehow replace/complement mod_security (it's more a
> proof of concept than a real project for now). The first thing that I'd like
> to have is a DNSBL, so that detected intruders are instantly banned when
> added to the blacklist. Because doing a DNS query for each HTTP request
> might be a bit heavy, I'd like to keep the results in cache.

The stuff in apr_shm.h is what you want.

> I guess that if I create something from the config pool, it will be
> duplicated between processes. But another security I want is to check URLs
> against regexps commonly used by botnets/script kiddies. Then, if an IP is
> blacklisted, I want its state to be changed instantly in all caches. Which,
> if data is duplicated, is not possible. Would there be a simple way to
> achieve this? Or would it be more clever to move to another solution, like
> using a common redis datastore for blacklist/whitelist/rules lookup?

I would probably take this direction (store it in a database, relational or
otherwise). Works across multiple nodes and is scriptable from outside.
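A shared cache of DNSBL verdicts that every prefork worker sees at once, added here as an illustration (not code from this thread or from httpd): it uses an anonymous MAP_SHARED mapping and C11 atomics in place of apr_shm so it builds without APR, and the zone name dnsbl.example and the addresses are constructed placeholders.

```c
#define _GNU_SOURCE           /* MAP_ANONYMOUS under strict -std=c11 */
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define CACHE_SLOTS 1024      /* power of two; slot index is ip & (CACHE_SLOTS - 1) */
/* One 64-bit slot packs ip (32) | expiry epoch secs (31, fine until 2038) | verdict (1, 1 =
 * listed): a single atomic store publishes a whole record, so no cross-process lock is needed. */
typedef struct { _Atomic uint64_t slot[CACHE_SLOTS]; } dnsbl_cache;

/* Create the cache in an anonymous shared mapping *before* fork(): every worker forked
 * afterwards shares this memory (the job apr_shm does inside httpd). Zero-filled = empty. */
dnsbl_cache *cache_create(void) {
    void *p = mmap(NULL, sizeof(dnsbl_cache), PROT_READ | PROT_WRITE,
                   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (dnsbl_cache *)p;
}

/* Publish a verdict for ip (host byte order) with a TTL; a colliding IP simply overwrites. */
void cache_store(dnsbl_cache *c, uint32_t ip, int verdict, uint32_t ttl, time_t now) {
    uint64_t rec = ((uint64_t)ip << 32) | ((uint64_t)(((uint32_t)now + ttl) & 0x7fffffffu) << 1)
                 | (uint64_t)(verdict & 1);
    atomic_store(&c->slot[ip & (CACHE_SLOTS - 1)], rec);
}

/* 0/1 on a fresh hit; -1 on miss or expiry, meaning the caller must do the real DNS query. */
int cache_lookup(dnsbl_cache *c, uint32_t ip, time_t now) {
    uint64_t v = atomic_load(&c->slot[ip & (CACHE_SLOTS - 1)]);
    if (v == 0 || (uint32_t)(v >> 32) != ip) return -1;
    if ((time_t)((v >> 1) & 0x7fffffffu) <= now) return -1;
    return (int)(v & 1);
}

/* DNSBL query name: the IPv4 octets reversed, then the list zone (1.2.0.192.<zone>). */
int dnsbl_query_name(uint32_t ip, const char *zone, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "%u.%u.%u.%u.%s", ip & 255u, (ip >> 8) & 255u,
                     (ip >> 16) & 255u, (ip >> 24) & 255u, zone);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* A forked worker bans ip; the parent sees the ban on its next lookup. Returns that verdict. */
int cross_process_demo(dnsbl_cache *c, uint32_t ip) {
    pid_t pid = fork();
    if (pid == 0) { cache_store(c, ip, 1, 600, time(NULL)); _exit(0); }
    if (pid > 0) waitpid(pid, NULL, 0);
    return cache_lookup(c, ip, time(NULL));
}
```

A miss only costs one more DNS query, so a slot collision or an expired entry can never let a listed address through; a removal from the list is published the same way as a ban, by storing a 0 verdict.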