blacklist_to_modsec 1.3

blacklist_to_modsec 1.3 brings the ability to pull in data from the MT-Blacklist database, as well as a few other small code tweaks…. The database code I’ve written is fairly dumb, and frankly I’d rather just be able to instantiate one of Jay’s Blacklist modules to do the work of configuring and querying… but at this point it was easier and faster for me to just write in some basic database functionality, since I don’t understand the Blacklist internals well enough. If anyone is interested in changing the code to make use of higher-level modules, feel free. I think that would really be the best way to go.

For documentation and download links, head over here|http://prwdot.org/docs/blacklisttomodsec.html.

2 thoughts on “blacklist_to_modsec 1.3

  1. derwood

    Love the script. I tried it out when you released your first version. Its worked quite well. I made some of my own modifications to it as well. The new addition of querying the blacklist from the database will be quite useful. I also added the ability to add your own personal blacklist info from a text file:

    Up in the user configurable area:

    my $mybl = ‘myblacklist.txt’;

    And then after writing the rules file, but before closing it off:

    LogWriter(“Writing personal blacklist lines…”); open IN, “$mybl”; while ( ) { chomp($); print RULES “$rule_format \”.*$\”\n”; } close IN; close(RULES) || die(“Couldn’t close $rules_file: $!”); LogWriter(“Finished.”); close(LOG);

    I also added in a bit that merges the rules into httpd.conf and restarts apache.

    The only problem I’ve had is that mod_security seems to have a memory leak. After a few hours of running, the apache processes are several times larger than normal (approaching 60meg use as opposed to less than 20meg).. Removing mod_security from apache clears the memory growth.

    Reply
  2. Jake

    I got moved to a new dedicated box at my web host, and needed to reinstall/set this all up. First run from the command line, got this:

    Magic number checking on storable file failed at blib/lib/Storable.pm (autosplit into blib/lib/auto/Storable/_retrieve.al) line 328, at /usr/bin/blacklist_to_modsec.pl line 127

    I’ve verified storable and LWP and everything else required is installed. Any idea what causes this error? Perl hacker I am not, but line 127 appears to be pulling the data from Jay’s list.

    Reply

Leave a Reply