http:BL

Nova WAFs can automatically integrate with the Project Honey Pot HTTP Blocklist service for you.

Key Required

To use the http:BL you must register for a free API key.

Introduction

When an IP address connects to a Nova with WAF enabled and http:BL turned on, a DNS query containing the connecting IP is sent. Based on the DNS reply from Project Honey Pot, we can then identify whether that IP matches something we may want to block, such as a spammer.

Nova caches this information for a short time for performance reasons, but the lookup still adds a delay that depends on your DNS and network performance. Generally, it is minimal.

How it Works

Assuming you are querying the IP address 127.1.1.7 and your access key is yourprivatekey, a DNS query looks like this:

yourprivatekey.7.1.1.127.dnsbl.httpbl.org
[Access Key] [Octet-Reversed IP] 

Note that the IP address being queried is sent in the reversed octet format. In other words, "127.1.1.7" should become "7.1.1.127" for all DNS queries.

Project Honey Pot then replies to the Nova with an address in the DNS answer. We read the last octet of that address and translate it like so:

Value	Meaning
0	    Search Engine
1	    Suspicious
2	    Harvester
4	    Comment Spammer

For more information please read the documentation at Project Honey Pot.

Blocklists

Nova WAF supports blocking four classifications of IP addresses:

List	Description
Search Engines	Block IP addresses attached to known search engine bots. This is generally not recommended.
Suspicious	Block IP addresses that are SUSPECTED to be abusive, but have not yet actually committed an act.
Harvester	Block IP addresses that are known to be scraping email addresses and personal details for spam.
Spammers	Block IP addresses that have been used for comment spam on websites and are known to be spam sources.
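
The query format and last-octet translation described under How it Works, together with a blocklist decision, as an added example that is not Nova's own code. It goes beyond the page in three places taken from Project Honey Pot's public http:BL API documentation: the values 1, 2 and 4 are treated as combinable bit flags, a valid answer is required to start with 127, and IPv6 clients are rejected because http:BL only covers IPv4. The function names, the `enabled` set and the sample replies are constructed for illustration.

```python
from __future__ import annotations

import ipaddress

# Last-octet values from the Value/Meaning table on this page. Assumption from
# Project Honey Pot's API docs: 1, 2 and 4 are bit flags that can be combined
# (for example 6 = Harvester + Comment Spammer); 0 alone means Search Engine.
FLAGS = {1: "Suspicious", 2: "Harvester", 4: "Comment Spammer"}


def build_query(access_key: str, client_ip: str) -> str:
    """Return the http:BL DNS name for an IPv4 client address."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version != 4:
        raise ValueError("http:BL only accepts IPv4 addresses")
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{access_key}.{reversed_octets}.dnsbl.httpbl.org"


def classify(reply: str | None) -> set[str]:
    """Translate the A record returned for a query into classifications.

    `reply` is None when the lookup returned NXDOMAIN (address not listed).
    """
    if reply is None:
        return set()
    octets = ipaddress.IPv4Address(reply).packed
    if octets[0] != 127:
        # Anything else is not a well-formed http:BL answer; do not act on it.
        raise ValueError(f"not an http:BL answer: {reply}")
    visitor_type = octets[3]
    if visitor_type == 0:
        return {"Search Engine"}
    return {name for bit, name in FLAGS.items() if visitor_type & bit}


def should_block(reply: str | None, enabled: set[str]) -> bool:
    """Block when any classification of the reply is on an enabled blocklist."""
    return bool(classify(reply) & enabled)


if __name__ == "__main__":
    # Hypothetical stand-in for the blocklists switched on in the WAF.
    enabled = {"Harvester", "Comment Spammer"}
    print(build_query("yourprivatekey", "127.1.1.7"))
    # Constructed replies, not real lookups.
    for reply in ("127.3.5.0", "127.1.40.1", "127.2.60.6", None):
        print(reply, sorted(classify(reply)), should_block(reply, enabled))
```

Because the access key is the first label of every query name, it is visible to each resolver on the lookup path and in any DNS query logs.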