On Fri, May 03, 2013 at 09:39:44AM +1000, Noel Butler wrote:
> > real-time blacklist lookup (-> ModSecurity's @rbl operator).
>
> Try using that on busy servers (webhosts/ISP's)... might be fine for a
> SOHO, but in a larger commercial world, forget it, the impact is far
> far worse than the other suggestions.

Certainly. But if we run 100% https anyways, enable a local dns cache or even cache the results within apache, would it still be as dangerous? So far my answer has been yes. But I would be interested to hear a response from somebody who was crazy enough to enable it.

regs,

Christian

-- 
Complexity is the worst enemy of security, and the Internet -- and the
computers and processes connected to it -- is getting more complex all
the time.
-- Bruce Schneier
