httpd-dev mailing list archives

From "Jem Berkes" <>
Subject DNSBL filtering for Apache
Date Tue, 19 Jul 2005 06:29:35 GMT
While I was thinking about Nick's suggestion for mod_rbl (blacklist lookups 
with mod_smtpd) I happened upon this idea, which is somewhat unrelated to 
the smtp project.

DNSBLs, the dominant form of real time blacklisting, are not specific to 
SMTP because this is just a way to publish lists of IP addresses. RHSBLs, 
which look up the address in an SMTP envelope, are specific to SMTP.

Apache -- the HTTP side too -- would benefit from DNSBL support. Or does 
this already do this? For example, both the CBL and AHBL projects list IP 
addresses of hosts engaging in activities such as proxy hijacking and spam 
relaying. This means it would be useful for webmasters to be able to make 
use of the published DNSBL to deny access to HTTP requests.

Because DNSBLs are an efficient way to publish lists, webmasters might 
start using a DNSBL lookup feature in Apache to limit abuse of, say, message 
forums, CGI scripts, proxy gateways. Currently, this has to be done by 
importing a complete list of IP addresses (often tens of megabytes) into a 
firewall script or Apache configuration.

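The per-request DNSBL lookup proposed in this message, sketched in Python as an added example; it is not part of the original message and is not code from Apache or any existing module. The zone `dnsbl.example`, the `DnsblGate` class, the sample records, the 300-second cache lifetime and the fail-open policy are assumptions made for illustration.

```python
import ipaddress
import socket
import time

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here

def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name via the OS resolver; [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(client_ip, zone, resolve=system_resolver):
    """Listed only if an answer falls in 127.0.0.0/8. No answer means not listed
    (fail open, an assumed policy); other answers are ignored as wildcard DNS."""
    answers = resolve(dnsbl_query_name(client_ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)

class DnsblGate:
    """Per-request check with a TTL cache so repeat clients cost no DNS query."""
    def __init__(self, zones, resolve=system_resolver, ttl=300, clock=time.monotonic):
        self.zones, self.resolve, self.ttl, self.clock = zones, resolve, ttl, clock
        self.cache = {}  # client_ip -> (expires_at, listed)

    def status_for(self, client_ip):
        """HTTP status to return: 403 if any zone lists the client, else 200."""
        now = self.clock()
        hit = self.cache.get(client_ip)
        if hit is None or hit[0] <= now:
            listed = any(is_listed(client_ip, z, self.resolve) for z in self.zones)
            hit = (now + self.ttl, listed)
            self.cache[client_ip] = hit
        return 403 if hit[1] else 200

# Constructed zone data standing in for a real DNSBL, so the example runs offline.
SAMPLE_ZONE = {"10.2.0.192.dnsbl.example": ["127.0.0.2"],
               "12.2.0.192.dnsbl.example": ["198.51.100.7"]}  # wildcard-style answer
QUERIES = []  # records every name the sample resolver was asked for

def sample_resolver(name):
    QUERIES.append(name)
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    gate = DnsblGate(["dnsbl.example"], resolve=sample_resolver)
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.10"):
        print(ip, gate.status_for(ip))
```

The cache is what makes a lookup on every HTTP request affordable: only the first request from a client address triggers a DNS query until the entry expires.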