MODSEC_00_RBL blocks everything
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
MODSEC_00_RBL blocks everything
When I enable MODSEC_00_RBL it blocks all traffic to the server and logs all IP's as spam listed. Am I doing something wrong? I looked in the wiki and it said MODSEC_00_RBL should be on,along with some associated rules.
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: MODSEC_00_RBL blocks everything
I'm not sure I understand your issue. The default for this RBL is off, and we don't recommend that you turn it on unless you are familiar with that RBL (spamhaus). Can you provide a link to where we've recommended it be enabled?
https://www.atomicorp.com/wiki/index.ph ... SEC_00_RBL
https://www.atomicorp.com/wiki/index.php/WAF_350000
https://www.atomicorp.com/wiki/index.ph ... SEC_00_RBL
And are you sure every IP address is coming up as on spamhaus' blacklist? You may want to contact them if thats the case. Please see this wiki entry:BL Ruleset
Enable/Disable Real-time Black List (RBL) rule class. Currently this uses the Spamhaus XBL which is operated by the Spamhaus project. This RBL is not operated or controlled by Atomicorp. Please contact Spamhaus if you have issues with the IPs on this RBL, or disable this option.
Default: off
Warning: You should only use this ruleset if the ASL server has a really fast DNS server installed on the ASL server.
This ruleset will look up every request in the DNS to see if its on a blacklist, and will not finish serving the request until the DNS server responds. This can slow down requests if the DNS server is slow. Basically, web requests will move at the speed of the DNS servers replies.
If your web server is responding slowly to requests, and you have this ruleset enabled your DNS server is too slow to meet your lookup needs. You will need to either disable this ruleset, or tune your DNS server to respond to queries more quickly.
https://www.atomicorp.com/wiki/index.php/WAF_350000
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
- aslus maximus
- Forum User
- Posts: 59
- Joined: Tue Mar 05, 2013 1:10 pm
- Location: here
Re: MODSEC_00_RBL blocks everything
It was in an old post I read here a few weeks ago. Can't remeber if it was you who replied but it said something along the lines of you use it here and there were 2 other options you turn on as well. Anyways, I'll give it another try. Thanks.