Block Spam, Preventing URL Injection And Block HTTP Attacks With mod_dnsblacklist
mod_dnsblacklist is a Lighttpd module that use DNSBL in order to block spam relay via web forms, preventing URL injection, block http DDoS attacks from bots and generally protecting your web service denying access to a known bad IP address. Official site:
To install it you must download the source code and compile by running these commands:
make mod_dnsblacklist.o
gcc -shared -o mod_dnsblacklist.so mod_dnsblacklist.o
/usr/bin/install -c mod_dnsblacklist.so /usr/local/lib/mod_dnsblacklist.so
The module accepts these directives:
dnsblacklist.method
Syntax: dnsblacklist.method string
Supported: GET, POST, HEAD, OPTIONS, PUT and PROPFIND
Default: POST
The HTTP method on which the module acts
dnsblacklist.host
Syntax: dnsblacklist.host string
Default: sbl-xbl.spamhaus.org
The address of the DNSBL used
dnsblacklist.message
Syntax: dnsblacklist.message string
Default: Your IP address is blacklisted!
Error message displayed to the blocked user
Once installed you will need to enable it editing the Lighttpd's configuration (/etc/lighttpd/lighttpd.conf). Here's an example:
server.modules = (
.....
"mod_dnsblacklist",
......
Finally you must restart the server
/etc/init.d/lighttpd restart
The default configuration will protect you from attacks performed with the POST method such spam relay via web forms and on your blog. To extend the protection and preventing URL injection put this in the configuration of Lighttpd:
dnsblacklist.method "GET,POST"
In order to change the error message shown to blocked users, you can use the directive "dnsblacklist.message" in this way:
dnsblacklist.message "Your custom message"
...and now fly light ;)