httpd-modules-dev mailing list archives

From Rémy Sanchez <remy.sanc...@hyperthese.net>
Subject Re: Shared memory ?
Date Mon, 15 Nov 2010 18:55:12 GMT
On 11/15/2010 06:43 PM, Ben Noordhuis wrote:
> On Mon, Nov 15, 2010 at 17:12, Rémy Sanchez <remy.sanchez@hyperthese.net> wrote:
>> > I'm coding a module to somehow replace/complement mod_security (it's more a
>> > proof of concept than a real project for now). The first thing that I'd like
>> > to have is a DNSBL, so that detected intruders are instantly banned when
>> > added to the blacklist. Because doing a DNS query for each HTTP request
>> > might be a bit heavy, I'd like to keep the results in cache.
> The stuff in apr_shm.h is what you want.

Thanks :) I'm getting to love APR more and more...

>> > I guess that if I create something from the config pool, it will be
>> > duplicated between processes. But another security I want is to check URL
>> > against regexps commonly used by botnets/script kiddies. Then, if an IP is
>> > blacklisted, I want its state to be changed instantly in all caches. Which,
>> > if data is duplicated, is not possible. Would there be a simple way to
>> > achieve this? Or would it be more clever to move to another solution, like
>> > using a common redis datastore for blacklist/whitelist/rules lookup?
> I would probably take this direction (store it in a database,
> relational or otherwise). Works across multiple nodes and is
> scriptable from outside.

Indeed, and it is much simpler than creating a specific protocol for
rules diffusion + using DNSBL to propagate blacklists as I first thought :)

-- 
Rémy Sanchez
http://hyperthese.net

