On 8/8/2005 5:05 PM, Derek Harding wrote:
>>>It allows rules such as:
>>>uricountry URICOUNTRY_CN CN
>>>header URICOUNTRY_CN eval:check_uricountry('URICOUNTRY_CN')
>>>describe URICOUNTRY_CN Contains a URI hosted in China
>>>tflags URICOUNTRY_CN net
>>>score URICOUNTRY_CN 2.0
What's the benefit of using this instead of the uridnsbl plugin? The code
below will look for the IP address behind a URI and then query the
cn-kr.blackholes.us RBL to see if that addr is in China:

uridnsbl URIBL_CNKR cn-kr.blackholes.us TXT
body URIBL_CNKR eval:check_uridnsbl('URIBL_CNKR')
tflags URIBL_CNKR net
score URIBL_CNKR 2.0

I'm sure there's a difference but I guess I'm not seeing it.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/