A reputation database powered by RBL (Real-time Blackhole List) protects websites from hacking attempts, DDoS attacks, and brute-force logins by blocking known malicious sources.
RBL Check
Usage
RBL Database server: rbl.malware.expert
RBL Database to ModSecurity
Add the text below to a rules file, e.g. /etc/modsecurity.d/rbl.conf (the two SecRule lines form one chained rule):
SecRule REQUEST_METHOD "POST" "id:'400010',phase:1,chain,drop,noauditlog,msg:'Malware host detected by rbl.malware.expert',tag:'MEWAF'"
    SecRule REMOTE_ADDR "@rbl rbl.malware.expert"
It can also detect traffic coming through proxies, by checking the forwarded client address headers:
SecRule REQUEST_HEADERS:X-Forwarded-For "@rbl rbl.malware.expert" "id:1001000,phase:1,drop,noauditlog,msg:'Malware host (X-Forwarded-For) detected by rbl.malware.expert',tag:'MEWAF'"
SecRule REQUEST_HEADERS:X-Real-IP "@rbl rbl.malware.expert" "id:1001001,phase:1,drop,noauditlog,msg:'Malware host (X-Real-IP) detected by rbl.malware.expert',tag:'MEWAF'"
SecRule REQUEST_HEADERS:CF-Connecting-IP "@rbl rbl.malware.expert" "id:1001002,phase:1,drop,noauditlog,msg:'Malware host (CF-Connecting-IP) detected by rbl.malware.expert',tag:'MEWAF'"
Optimize / tuning
If you want to minimize DNS response times, you can use a local DNS resolver.
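To show what the @rbl operator in the rules above actually does on every request, and why resolver latency matters, here is an added example (not code from this page or from malware.expert) that performs the same DNSBL lookup by hand against rbl.malware.expert; the IP addresses and the fake resolver used for offline testing are constructed.

```python
"""Hand-rolled DNSBL lookup mirroring what ModSecurity's @rbl operator does.
Zone rbl.malware.expert is from the page; all IPs are constructed (RFC 5737).
"""
import ipaddress
import socket

RBL_ZONE = "rbl.malware.expert"


def rbl_query_name(ip: str, zone: str = RBL_ZONE) -> str:
    """Build the DNSBL query name: IPv4 octets reversed, then the zone.

    203.0.113.5 -> 5.113.0.203.rbl.malware.expert
    """
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this helper handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def client_ip_from_header(header_value: str) -> str:
    """Leftmost entry of an X-Forwarded-For style header.

    Proxies append their hop on the right, so the leftmost value is the
    original client. Trust it only when your own proxy sets the header;
    otherwise the value is client-controlled.
    """
    return header_value.split(",")[0].strip()


def rbl_lookup(ip: str, zone: str = RBL_ZONE, resolve=socket.gethostbyname):
    """Return the answer (conventionally 127.0.0.x) if listed, else None.

    `resolve` is injectable so the logic can be exercised without network.
    NXDOMAIN and resolver failures both surface as OSError (socket.gaierror),
    so a slow or broken resolver fails open: the request is NOT dropped.
    A local resolver, as the page suggests, keeps this lookup fast.
    """
    try:
        return resolve(rbl_query_name(ip, zone))
    except OSError:
        return None


if __name__ == "__main__":
    for sample in ("203.0.113.5", client_ip_from_header("198.51.100.7, 10.0.0.2")):
        verdict = rbl_lookup(sample)
        print(f"{sample}: {'LISTED ' + verdict if verdict else 'not listed'}")
```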
RBL Database with IPSET
- Subscription customers can download the IP list for custom usage using this guide.
- A custom ipset.sh script to use the database and block requests in the IPTABLES firewall.
- How to integrate the RBL Database into the CSF Firewall.