MODSEC_00_RBL blocks everything

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
aslus maximus
Forum User
Posts: 59
Joined: Tue Mar 05, 2013 1:10 pm
Location: here

When I enable MODSEC_00_RBL it blocks all traffic to the server and logs all IPs as spam listed. Am I doing something wrong? I looked in the wiki and it said MODSEC_00_RBL should be on, along with some associated rules.
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: MODSEC_00_RBL blocks everything

I'm not sure I understand your issue. The default for this RBL is off, and we don't recommend that you turn it on unless you are familiar with that RBL (spamhaus). Can you provide a link to where we've recommended it be enabled?

https://www.atomicorp.com/wiki/index.ph ... SEC_00_RBL
BL Ruleset

Enable/Disable Real-time Black List (RBL) rule class. Currently this uses the Spamhaus XBL which is operated by the Spamhaus project. This RBL is not operated or controlled by Atomicorp. Please contact Spamhaus if you have issues with the IPs on this RBL, or disable this option.

Default: off

Warning: You should only use this ruleset if the ASL server has a really fast DNS server installed on the ASL server.

This ruleset will look up every request in the DNS to see if it's on a blacklist, and will not finish serving the request until the DNS server responds. This can slow down requests if the DNS server is slow. Basically, web requests will move at the speed of the DNS server's replies.

If your web server is responding slowly to requests, and you have this ruleset enabled, your DNS server is too slow to meet your lookup needs. You will need to either disable this ruleset, or tune your DNS server to respond to queries more quickly.
And are you sure every IP address is coming up as on spamhaus' blacklist? You may want to contact them if that's the case. Please see this wiki entry:

https://www.atomicorp.com/wiki/index.php/WAF_350000
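
Added example (not part of the thread and not Atomicorp's code): a small Python check that shows what the RBL lookup described in the quoted wiki text returns for an address, and how long the resolver takes to answer. The zone name `xbl.spamhaus.org`, the XBL return codes 127.0.0.4 to 127.0.0.7 and the 127.255.255.0/24 error range follow Spamhaus's published conventions and are assumptions here, as are all function names.

```python
import ipaddress
import socket
import time

XBL_ZONE = "xbl.spamhaus.org"  # assumed zone for the Spamhaus XBL named in the wiki text
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # assumed Spamhaus error range


def rbl_query_name(ip, zone=XBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify_answer(answer):
    """Interpret the A record returned by the RBL (None means no answer)."""
    if answer is None:
        return "not-listed"
    a = ipaddress.IPv4Address(answer)
    if a in ERROR_NET:
        return "rbl-error"   # the RBL refused or rejected the query; not a listing
    if ipaddress.IPv4Address("127.0.0.4") <= a <= ipaddress.IPv4Address("127.0.0.7"):
        return "listed"      # assumed XBL return codes
    return "unexpected"      # e.g. a resolver rewriting NXDOMAIN answers


def system_resolver(name):
    """Resolve via the host's configured DNS; None on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_ip(ip, resolver=system_resolver):
    """Return (verdict, answer, seconds) for one client IP."""
    start = time.monotonic()
    answer = resolver(rbl_query_name(ip))
    return classify_answer(answer), answer, time.monotonic() - start


if __name__ == "__main__":
    # Constructed sample addresses from documentation ranges, not real client IPs.
    for ip in ("192.0.2.10", "198.51.100.7"):
        verdict, answer, secs = check_ip(ip)
        print(f"{ip}: {verdict} (answer={answer}, {secs * 1000:.0f} ms)")
```

Run it on the ASL server itself so the lookups go through the same resolver the WAF uses. If every address comes back as `rbl-error` or `unexpected`, the resolver path is the thing to examine rather than the individual IPs.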
aslus maximus
Forum User
Posts: 59
Joined: Tue Mar 05, 2013 1:10 pm
Location: here

Re: MODSEC_00_RBL blocks everything

It was in an old post I read here a few weeks ago. Can't remember if it was you who replied but it said something along the lines of you use it here and there were 2 other options you turn on as well. Anyways, I'll give it another try. Thanks.