Posted to dev@httpd.apache.org by Jem Berkes <jb...@users.pc9.org> on 2005/07/19 08:29:35 UTC
DNSBL filtering for Apache
While I was thinking about Nick's suggestion for mod_rbl (blacklist lookups
with mod_smtpd) I happened upon this idea, which is somewhat unrelated to
the smtp project.

DNSBLs, the dominant form of real time blacklisting, are not specific to
SMTP because this is just a way to publish lists of IP addresses. RHSBLs,
which look up the address in an SMTP envelope, are specific to SMTP
however.

Apache -- the HTTP side too -- would benefit from DNSBL support. Or does
this already do this? For example, both the CBL and AHBL projects list IP
addresses of hosts engaging in activities such as proxy hijacking and spam
relaying. This means it would be useful for webmasters to be able to make
use of the published DNSBL to deny access to http requests.

Because DNSBLs are an efficient way to publish lists, webmasters might
start using a DNSBL lookup feature in Apache to limit abuse of, say, message
forums, CGI scripts, proxy gateways. Currently, this has to be done by
importing a complete list of IP addresses (often tens of megabytes) into a
firewall script or Apache configuration.
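
The per-request DNSBL lookup discussed in this post, as an added example that is not part of the original message or of any Apache module. The zone names `dnsbl.example` and `down.example`, the function names and the sample records are constructed for illustration; the resolver is injectable so the block runs offline.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here

def dnsbl_query_name(client_ip, zone):
    """Build the DNS name a DNSBL lookup asks about for client_ip."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # 192.0.2.99 -> 99.2.0.192
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # IPv6: one label per nibble
    return ".".join(labels) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name; [] if the name does not exist (address not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # timeout or server failure: let the caller decide

def check_client(client_ip, zones, resolver=system_resolver):
    """Return (allowed, reason); only an answer inside 127.0.0.0/8 is a listing."""
    for zone in zones:
        name = dnsbl_query_name(client_ip, zone)
        try:
            answers = resolver(name)
        except OSError:
            continue  # fail open: an unreachable list must not take the site down
        for answer in answers:
            if ipaddress.ip_address(answer) in LISTED_NET:
                return False, f"{client_ip} listed in {zone} ({answer})"
    return True, "not listed"

# Constructed sample data so the example runs offline; not real DNSBL content.
FAKE_RECORDS = {
    "99.2.0.192.dnsbl.example": ["127.0.0.2"],       # listed address
    "7.113.0.203.dnsbl.example": ["198.51.100.10"],  # answer outside 127/8
}
def fake_resolver(name):
    if name.endswith(".down.example"):
        raise OSError("lookup timed out")
    return FAKE_RECORDS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "203.0.113.7", "198.51.100.1"):
        print(ip, check_client(ip, ["down.example", "dnsbl.example"], fake_resolver))
```

Each request costs one small DNS query per zone instead of a locally imported list; in a server the result would normally be cached per address for the record's TTL.
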
Re: DNSBL filtering for Apache
Posted by Jem Berkes <jb...@users.pc9.org>.
> Apache -- the HTTP side too -- would benefit from DNSBL support. Or does
> this already do this? For example, both the CBL and AHBL projects list
> IP addresses of hosts engaging in activities such as proxy hijacking and
> spam relaying. This means it would be useful for webmasters to be able
> to make use of the published DNSBL to deny access to http requests.
Gosh, it already exists thanks to Blars Blarson:
http://www.blars.org/mod_access_rbl.html
I wonder if the existing module can somehow be used for mod_smtpd as well?
I'm still not familiar with enough 2.x style modules to know if that would
work somehow.