December 2012
Intermediate to advanced
552 pages
13h 16m
English
Content preview from Web Application Defender's CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Recipe 4-4: Running Your Own RBL
This recipe demonstrates how to use the jwall-rbld package to host your own internal RBL server.
Ingredients
- Christian Bockermann’s jwall-rbld package5
- ModSecurity
- @rbl action
As the previous recipes have shown, there is obvious value in using third-party RBL repositories to gain intelligence about client IP addresses. An additional layer of defense would be to run your own internal RBL system that your systems can both query and update for dynamic, collaborative intelligence.
ModSecurity’s Persistent Collection Databases
ModSecurity’s persistent storage mechanism uses the SDBM library. It was chosen because it was already included in the Apache Portable Runtime (APR) and because it allows for concurrent transaction usage. The persistent storage mechanism serves its intended purpose, but it does have one shortcoming: It contains only data from local Apache instances. This means that if you have a server farm of hundreds of Apache servers, each individual Apache instance has its own local persistent storage file. This scenario causes issues when you want to tag a client as malicious globally in your enterprise and implement blocking. This is where the idea of running your own RBL becomes valuable.
jwall-rbld
ModSecurity power user Christian Bockermann has created a number of support tools, which are available on his web site, https://jwall.org/. The jwall-rbld tool is a real-time blacklist daemon process written in Java and acts as a ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.