08-11-2017 12:34 PM
We have a subscription to the Infoblox RPZ feed and have one RPZ configured on our grid. For now, this RPZ is only logging. I want to configure Apache mod_security on one of my web servers and point it to an RBL service to block web traffic from blacklisted networks. I'm wondering if anybody has come up with a way to have Apache's mod_security check an incoming client IP address against the RPZ list in Infoblox. Since all of our DNS servers are running RPZ, the service is geographically very close to the web server and we wouldn't have to pay for an RBL service. Just trying to come up with a way to leverage our Infoblox subscription service.
08-17-2017 02:43 AM
Very interesting question. From what I know, Apache mod security rules can be configured to block IP address blocks or URLs. However, I haven't come across a way to utilize RPZ data for mod security. Maybe we have to write a script which converts the RPZ data to a mod security conf file.
Share your thoughts
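One way to do the conversion suggested in the reply above, as an added example that is not part of the original thread or Infoblox's own tooling: it decodes RPZ IP-trigger owner names (`rpz-ip`, `rpz-client-ip`) into CIDR lines that ModSecurity's `@ipMatchFromFile` operator can read. The sample records, zone name, output file name and rule id are assumptions; domain-name (QNAME) entries carry no address and are skipped.

```python
import ipaddress

# Constructed sample records in zone-file text form (not real feed data).
SAMPLE_RPZ = """\
$ORIGIN rpz.example.
24.0.2.0.192.rpz-ip           CNAME .   ; 192.0.2.0/24
32.7.113.0.203.rpz-client-ip  CNAME .   ; 203.0.113.7/32
48.zz.1.db8.2001.rpz-ip       CNAME rpz-drop.
bad.example.net               CNAME .   ; QNAME trigger, no IP to extract
33.1.2.3.4.rpz-ip             CNAME .   ; malformed: /33 is not a valid IPv4 prefix
"""
IP_TRIGGERS = ("rpz-ip", "rpz-client-ip")

def decode_ip_trigger(owner):
    """Return the ip_network encoded in an RPZ IP-trigger owner name, else None."""
    labels = owner.rstrip(".").lower().split(".")
    cut = next((i for i, l in enumerate(labels) if l in IP_TRIGGERS), None)
    if cut is None or cut < 2:
        return None  # QNAME trigger, or too short to hold prefix + address
    prefix, rev = labels[0], labels[cut - 1:0:-1]  # address labels, un-reversed
    if len(rev) == 4 and "zz" not in rev:
        addr = ".".join(rev)  # IPv4: four decimal octets
    else:
        head, _, tail = ":".join(rev).partition("zz")  # "zz" stands for "::"
        addr = head.rstrip(":") + "::" + tail.lstrip(":") if "zz" in rev else head
    try:
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    except ValueError:
        return None  # skip malformed records rather than emit a bad list entry

def rpz_to_ip_list(zone_text):
    """Collect unique networks from IP-trigger records, IPv4 first, sorted."""
    nets = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) < 2 or fields[0].startswith("$"):
            continue  # blank line or directive such as $ORIGIN
        net = decode_ip_trigger(fields[0])
        if net is not None:
            nets.add(net)
    return [str(n) for n in sorted(nets, key=lambda n: (n.version, n))]

if __name__ == "__main__":
    # Assumed file name; an assumed rule (id is a placeholder) would read it:
    #   SecRule REMOTE_ADDR "@ipMatchFromFile rpz-ips.txt" \
    #       "id:1000001,phase:1,deny,status:403,log"
    with open("rpz-ips.txt", "w") as fh:
        fh.write("\n".join(rpz_to_ip_list(SAMPLE_RPZ)) + "\n")
```
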
01-25-2018 04:14 PM
I'm not very familiar with Apache, but you could try: download the RPZ, run nslookup or dig against a public DNS server for each entry, then use those results for your Apache blacklist, I guess. You can download the RPZ via API from csp.infoblox.com, or you might be able to use the API to fetch it directly from your Infoblox. HTH