I am using the latest free rules on an OpenVZ VPS running Debian 5.0.8 and modsecurity 2.5.11-1~bpo50+1. Recently, I had native IPv6 enabled for my VPS and noticed that my website takes ages to load when accessed via IPv6 but loads quickly when accessed via IPv4 (Firebug reports 20+ seconds via IPv6 and 2 seconds via IPv4). After some troubleshooting, I found out that disabling
Code: Select all
SecRule REMOTE_ADDR "@rbl xbl.spamhaus.org" \
"deny, log, id:350000,rev:2,msg:'Global RBL Match: IP is on the xbl.spamhaus.org Blacklist',severity:'3'"
in 00_asl_rbl.conf was the solution. My website loads fast now irrespective of which IP version I am using. Looking at the Spamhaus site, it seems that they don't support IPv6 yet.
So, my question is: How can I limit the above Spamhaus lookup to only IPv4 addresses and exclude IPv6 addresses?
Thanks.
Dwayne