On 11/15/2010 06:43 PM, Ben Noordhuis wrote:
> On Mon, Nov 15, 2010 at 17:12, Rémy Sanchez <remy.sanc...@hyperthese.net> wrote:
>> I'm coding a module to somehow replace/complement mod_security (it's more a
>> proof of concept than a real project for now). The first thing that I'd like
>> to have is a DNSBL, so that detected intruders are instantly banned when
>> added to the blacklist. Because doing a DNS query for each HTTP request
>> might be a bit heavy, I'd like to keep the results in cache.
> The stuff in apr_shm.h is what you want.

Thanks :) I'm getting to love APR more and more...

>> I guess that if I create something from the config pool, it will be
>> duplicated between processes. But another security feature I want is to check
>> URLs against regexps commonly used by botnets/script kiddies. Then, if an IP is
>> blacklisted, I want its state to be changed instantly in all caches. Which,
>> if data is duplicated, is not possible. Would there be a simple way to
>> achieve this? Or would it be more clever to move to another solution, like
>> using a common redis datastore for blacklist/whitelist/rules lookup?
> I would probably take this direction (store it in a database,
> relational or otherwise). Works across multiple nodes and is
> scriptable from outside.

Indeed, and it is much simpler than creating a specific protocol for rules
diffusion + using DNSBL to propagate blacklists as I first thought :)

-- 
Rémy Sanchez
http://hyperthese.net
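The distinction the thread turns on (a table allocated from the config pool before the workers are forked is copy-on-write, so a ban recorded by one worker is invisible to the others, whereas a shared memory segment is the same pages in every worker) can be shown without httpd at all. The following is an added example written for this page, not code from Rémy's module or from APR. It uses a plain POSIX MAP_SHARED anonymous mapping; apr_shm_create() and apr_shm_baseaddr_get() hand an httpd module the same kind of mapping, but this version runs without APR installed. The blacklist table, its fixed size, the function names and the 203.0.113.7 address are all constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Tiny fixed-size blacklist: IPv4 addresses in host byte order, 0 = empty slot.
 * Constructed for this demo; a module would size it from config and hash into it. */
#define BL_SLOTS 64
typedef struct { uint32_t addr[BL_SLOTS]; } bl_table;

/* Parse a dotted quad; returns 1 on success, 0 if ip is not an IPv4 address. */
static int bl_parse(const char *ip, uint32_t *out) {
    struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1) return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

/* Add ip to the table. Returns 0 on success, -1 on bad input or a full table.
 * No locking here: with several writing workers a real module must hold an
 * apr_global_mutex (or equivalent) around the update. */
int bl_add(bl_table *t, const char *ip) {
    uint32_t v;
    if (!bl_parse(ip, &v) || v == 0) return -1;   /* 0.0.0.0 would alias "empty" */
    for (int i = 0; i < BL_SLOTS; i++) {
        if (t->addr[i] == v) return 0;            /* already listed */
        if (t->addr[i] == 0) { t->addr[i] = v; return 0; }
    }
    return -1;                                    /* table full */
}

/* Returns 1 if ip is listed, 0 if not (or if ip does not parse). */
int bl_contains(const bl_table *t, const char *ip) {
    uint32_t v;
    if (!bl_parse(ip, &v)) return 0;
    for (int i = 0; i < BL_SLOTS; i++)
        if (t->addr[i] == v) return 1;
    return 0;
}

/* Allocate one table in ordinary private (copy-on-write) memory and one in a
 * MAP_SHARED anonymous mapping, fork a "worker", let the worker blacklist an
 * address in both, then check what the parent sees once the worker has exited.
 * Returns 0 when the shared copy shows the ban and the private one does not
 * (the expected outcome), 1 if the shared table missed it, 2 if the private
 * table unexpectedly saw it, -1 on a setup failure. */
int shm_vs_private_demo(void) {
    const char *attacker = "203.0.113.7";         /* constructed sample address */
    bl_table *priv = calloc(1, sizeof *priv);
    bl_table *shared = mmap(NULL, sizeof *shared, PROT_READ | PROT_WRITE,
                            MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (priv == NULL || shared == MAP_FAILED) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                               /* the forked worker */
        bl_add(priv, attacker);
        bl_add(shared, attacker);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;

    int in_shared = bl_contains(shared, attacker);
    int in_priv = bl_contains(priv, attacker);
    munmap(shared, sizeof *shared);
    free(priv);
    if (!in_shared) return 1;
    if (in_priv) return 2;
    return 0;
}

int main(void) {
    int rc = shm_vs_private_demo();
    printf("shared mapping saw the worker's ban, private copy did not: %s\n",
           rc == 0 ? "yes" : "no");
    return rc == 0 ? 0 : 1;
}
```

Two caveats a practitioner would add: the shared table is only shared between processes on one host, which is exactly why an external store is the answer once the ban has to reach several nodes; and unsynchronised writers into a shared segment race with each other, so the slot scan in bl_add() needs a cross-process mutex before it goes anywhere near a multi-worker server.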