Infoblox RPZ/subscription - use as an RBL?


We have a subscription to the Infoblox RPZ feed and have one RPZ configured on our grid. For now, this RPZ is only logging. I am wanting to configure Apache mod_security on one of my web servers and point it to an RBL service to block web traffic from blacklisted networks. I'm wondering if anybody has come up with a way to have Apache's mod_security check an incoming client IP address against the RPZ list in Infoblox. Since all of our DNS servers are running RPZ, the service is geographically very close to the web server and we wouldn't have to pay for an RBL service. Just trying to come up with a way to leverage our Infoblox subscription service.

Re: Infoblox RPZ/subscription - use as an RBL?


Hi Clark,

Very interesting question. From what I know, Apache mod_security rules can be configured to block IP address blocks or URLs. However, I haven't come across a way to utilize RPZ data for mod_security. Maybe we have to write a script which converts the RPZ data to a mod_security conf file.

Share your thoughts

Regards,

Syam.

Re: Infoblox RPZ/subscription - use as an RBL?

pmeyerson

I'm not very familiar with Apache, but you could try: download the RPZ, run nslookup or dig against a public DNS server for each entry, then use those results for your Apache blacklist, I guess. You can download the RPZ via API from the csp.infobox.com, or you might be able to use the API to fetch it directly from your Infoblox. HTH
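A sketch of the conversion script suggested in the replies above, added here as an example; it is not code from any poster or from Infoblox. It assumes the RPZ has been exported as zone-file text using the standard `rpz-ip` owner-name encoding (prefix length, then the address labels reversed, with `zz` standing for `::` in IPv6), and it only converts IP triggers: domain (QNAME) entries are skipped because they would need resolving first. The sample records, file path and rule id are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample zone data (documentation-range addresses, not from a real feed).
SAMPLE_RPZ = """\
$ORIGIN rpz.example.
; comment line
32.10.2.0.192.rpz-ip         CNAME .
24.0.100.51.198.rpz-ip       300 IN CNAME .
48.zz.dead.db8.2001.rpz-ip   CNAME .
32.7.113.0.203.rpz-ip        CNAME rpz-passthru.
bad.example.com              CNAME .
"""

def decode_rpz_ip(owner):
    """Turn an rpz-ip owner name (prefix.reversed-address.rpz-ip) into a network."""
    labels = owner.lower().rstrip(".").split(".")
    if "rpz-ip" not in labels:
        return None                      # QNAME trigger: a domain, not an address
    labels = labels[:labels.index("rpz-ip")]
    if len(labels) < 2 or not labels[0].isdigit():
        return None
    prefix, groups = labels[0], labels[:0:-1]   # address labels, un-reversed
    if len(groups) == 4 and "zz" not in groups:
        addr = ".".join(groups)                  # IPv4: four decimal octets
    else:
        addr = re.sub(r":?zz:?", "::", ":".join(groups))  # IPv6: "zz" stands for "::"
    try:
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    except ValueError:
        return None                      # malformed address or prefix length

def rpz_to_ip_list(zone_text):
    """Return sorted CIDR strings for every blocking rpz-ip record in zone_text."""
    nets = set()
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()      # drop comments, split on whitespace
        if len(fields) < 3 or fields[0].startswith("$"):
            continue
        if fields[-1].lower() == "rpz-passthru.":
            continue                     # allow-list entry, must not end up blocked
        net = decode_rpz_ip(fields[0])
        if net is not None:
            nets.add(net)
    return [str(n) for n in sorted(nets, key=lambda n: (n.version, n))]

if __name__ == "__main__":
    # Write one CIDR per line, then reference the file from ModSecurity, e.g.:
    # SecRule REMOTE_ADDR "@ipMatchFromFile /etc/modsecurity/rpz-blocklist.txt" \
    #     "id:1000001,phase:1,deny,status:403,log,msg:'Client IP on RPZ-derived list'"
    print("\n".join(rpz_to_ip_list(SAMPLE_RPZ)))
```

Regenerate the file on a schedule that matches the feed's update interval, and start the rule in log-only mode, as the RPZ itself is in the original post, before switching it to deny.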
