search

owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0
7.67k stars 1.54k forks source link

@rbl operator does not support IPv6 #3131

Open airween opened 3 weeks ago

airween commented 3 weeks ago

Describe the bug

This is a duplicated issue, the first one is more that 4 years old - see #2210.

Seems like @rbl operator does not support IPv6.

There was the issue #3111, during the investigation I found this behavior.

Logs and dumps

This is what I found the log while I tried the operator:

libmodsecurity3:

Target value: "::1" (Variable: REMOTE_ADDR)
Failed to understand `::1' as a valid IP address, assuming domain format input
RBL lookup of ::1 failed.

mod-security2:

Target value: "::1"
RBL lookup of ::1.xbl.spamhaus.org failed at REMOTE_ADDR.

The expected format would be:

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ipv6.xbl.spamhaus.org

To Reproduce

Use the rule set given at this issue comment, and send a request:

curl -H "Host: localhost" http://[::1]/

Expected behavior

In the log it should be the expected format above, eg:

RBL lookup of 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ipv6.xbl.spamhaus.org failed at REMOTE_ADDR.

Server (please complete the following information):