Author: H.User5946 (11 Dec 10 2:58pm)
As far as I know the mod_httpbl module available here is no longer developed.
If you are interested, this weekend I've rewritten two mod_perl modules to replace mod_httpbl and specifically address the slowness you have observed.
Basically there are 2 modules, httpblFirewall and httpblLog.
The Firewall does what it suggests - it decides if the incoming connection should be dropped, and does so. This is an Apache-level firewall system, so does not need any Operating System specific firewall configuration.
The Log also does what it suggests, but sneakily implements the Firewall capabilities.
You see, doing a http:BL DNS call before handling the HTTP request is slow (this is why back in the mid 1990s web servers got the option of turning off resolving the hostnames of the incoming connections). So it is not prudent to do this when you receive a request.
So how to implement http:BL without killing your performance?
The httpblLog module is called by Apache after the request has been handled - it is here that I perform the http:BL DNS call. If the module decides that the person is a "baddie" then it creates the Apache-level firewall (which can be used next time by httpblFirewall), logs the call to a httpbl.log and tells Apache not to log it.
The system is reasonably configurable (you can make the Firewall do the http:BL API call if you like, I just don't recommend it) - you can also tune the levels (score) at which you want to Log and/or Block.
I also have implemented decent white and blacklists that cope with one or more files allowing you to block by IP, IP-range, CIDR notation.
The same white and blacklists also allow you to specify pattern matching against request headers (can only do this in the Log module), e.g.
I've been doing a bit of tweaking and refining yesterday and today. I plan on making an initial release at some point next week. If you'd like to be a guinea pig - let me know :)
You'll need Apache2 and mod_perl installed.
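
The deferred-lookup design described in the post above, as an added Python example that is not the poster's mod_perl code: the pre-request phase only consults an in-memory block set, and the http:BL DNS call happens after the response. The class and function names, the threshold values, the access key and the injected resolver with its sample answers are assumptions constructed for illustration; the query name and answer octets follow Project Honey Pot's published http:BL API.

```python
import ipaddress

DNSBL_ZONE = "dnsbl.httpbl.org"  # http:BL DNS zone (Project Honey Pot)

def build_query(access_key, client_ip):
    """Query name: <access key>.<reversed IPv4 octets>.dnsbl.httpbl.org"""
    ip = ipaddress.IPv4Address(client_ip)  # rejects malformed input; http:BL is IPv4-only
    return ".".join([access_key, *reversed(str(ip).split(".")), DNSBL_ZONE])

def parse_answer(answer):
    """Decode 127.<days since last seen>.<threat score>.<visitor type>; None = unlisted."""
    if answer is None:
        return None
    first, days, threat, vtype = (int(o) for o in answer.split("."))
    if first != 127:
        raise ValueError(f"not an http:BL answer: {answer}")
    return {"days": days, "threat": threat, "type": vtype}

class DeferredBlocklist:
    """Hypothetical stand-in for the Firewall/Log pair; thresholds are assumed values."""
    def __init__(self, resolver, access_key, log_score=10, block_score=25):
        self.resolver, self.key = resolver, access_key
        self.log_score, self.block_score = log_score, block_score
        self.blocked = set()  # plays the role of the Apache-level firewall state

    def firewall_phase(self, ip):
        """Runs before the request is handled: set lookup only, no DNS."""
        return ip in self.blocked

    def log_phase(self, ip):
        """Runs after the response is sent: the slow DNS call happens here."""
        verdict = parse_answer(self.resolver(build_query(self.key, ip)))
        if verdict is None or verdict["type"] == 0:  # type 0 = search engine
            return "normal"
        if verdict["threat"] >= self.block_score:
            self.blocked.add(ip)  # takes effect on this client's next request
            return "blocked"
        return "logged" if verdict["threat"] >= self.log_score else "normal"

# Constructed sample answers keyed by query name (documentation-range IPs, made-up key).
SAMPLE_KEY = "abcdefghijkl"
SAMPLE_ANSWERS = {
    "abcdefghijkl.7.113.0.203.dnsbl.httpbl.org": "127.3.40.4",   # comment spammer, score 40
    "abcdefghijkl.9.100.51.198.dnsbl.httpbl.org": "127.1.12.1",  # suspicious, score 12
    "abcdefghijkl.5.2.0.192.dnsbl.httpbl.org": "127.0.5.0",      # search engine
}

def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name)  # None models NXDOMAIN (not listed)
```

The first request from a listed address is always served, because its block entry is only created in the log phase; that is the trade-off this design accepts for not doing DNS on the request path.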