Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32) Standard preamble: ========================================================================
NAMEURILocalBL - blacklist URIs using local information (ISP names, address lists, and country codes)
SYNOPSISThis plugin creates some new rule test types, such as ``uri_block_cc'', ``uri_block_cidr'', and ``uri_block_isp''. These rules apply to the URIs found in the
Why local blacklisting? There are a few excellent, effective, and well-maintained
- blacklists can cover tens of thousands of entries, and you can't select which ones you use;
- verifying that it's correctly configured can be non-trivial;
- new blacklisting entries may take a while to be detected and entered, so it's not instantaneous.
Sometimes all you want is a quick, easy, and very surgical blacklisting of a particular site or a particular
RULE DEFINITIONS AND PRIVILEGED SETTINGSThe format for defining a rule is as follows:
uri_block_cc SYMBOLIC_TEST_NAME cc1 cc2 cc3 cc4
uri_block_cidr SYMBOLIC_TEST_NAME a.a.a.a b.b.b.b/cc d.d.d.d-e.e.e.e
uri_block_isp SYMBOLIC_TEST_NAME "DataRancid" "McCarrier" "Phishers-r-Us"
Example rule for matching a
uri_block_cc TEST1 cn
This would block the
uri_block_cidr TEST2 22.214.171.124/18
would match a netblock where several phishing sites were recently hosted.
And to block all
uri_block_isp TEST3 "ColoCrossing"
if one didn't trust
uri_block_exclude TEST1 www.baidu.com
if you wish to exempt
DEPENDENCIESThe Country-Code based filtering requires the Geo::IP module, which uses either the fremium GeoLiteCountry database, or the commercial version of it called GeoIP from MaxMind.com.