On 09/24/10 10:41, Stan Hoeppner wrote:
> Sahil Tandon put forth on 9/24/2010 7:12 AM:
>> On Fri, 2010-09-24 at 05:31:15 -0500, Stan Hoeppner wrote:
>>
>>> Michael Orlitzky put forth on 9/23/2010 8:37 PM:
>>>
>>>> # sutton-partners.com
>>>> /^64\.191\.79\.245$/ public_rbls
>>>>
>>>> # mabel.ca
>>>> /^70\.38\.108\.42$/ public_rbls
>>>>
>>>> # dsnews.com
>>>> /^209\.172\.40\.21[157]$/ public_rbls
>>>
>>> Should the caret and dollar be there? I just did some tests with
>>>
>>> unknown[64.191.79.245]
>>> sutton-partners.com[64.191.79.245]
>>
>> These aren't the input strings. See access(5) ...
>
> "REGULAR EXPRESSION TABLES
> ...Depending on the application, that string is an entire client
> hostname, an entire client IP address, or an entire mail address."
>
> The application check_client_access does both hostname and IP address
> lookups. So is the pcre table queried twice in this case, once for
> hostname and once for IP address?
>
It would be if the hostname 'unknown' doesn't match something. You can actually see the order that the queries get sent to the map if you turn on debug logging (it's not just for getting yelled at on the ML!).

The biggest problem I would have with keeping the regular expression map is that, since the hostname is checked first, someone could switch his hostname to 64.191.79.245.example.com and bypass my blacklist check. I might be able to do it with a more complicated regex, but why?

Anyway -- thanks everyone for the help -- I switched to a CIDR map last night and it's working correctly today.
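
Added example (not part of the original message, and not Postfix code): a small Python model of the lookups discussed in this thread, where a regular expression table is queried with the client hostname first and then the IP address, while a CIDR table sees only the address. The table contents, client tuples and function names are constructed for illustration, and the matching is a simplified stand-in for Postfix's own.

```python
import ipaddress
import re

# Constructed tables modelled on the first entry quoted in the thread.
ANCHORED = [(re.compile(r"^64\.191\.79\.245$"), "public_rbls")]
UNANCHORED = [(re.compile(r"64\.191\.79\.245"), "public_rbls")]
CIDR = [(ipaddress.ip_network("64.191.79.245/32"), "public_rbls")]


def regex_lookup(table, hostname, ip):
    """Query a regex table with the hostname first, then the IP address.

    Returns (matched_query, action), or None when neither string matches.
    """
    for query in (hostname, ip):
        for pattern, action in table:
            # Patterns match anywhere in the string unless anchored.
            if pattern.search(query):
                return query, action
    return None


def cidr_lookup(table, ip):
    """A CIDR table is keyed on the client address only."""
    addr = ipaddress.ip_address(ip)
    for network, action in table:
        if addr in network:
            return ip, action
    return None


# Constructed clients as (hostname, ip); 192.0.2.10 is a documentation address.
LISTED = ("unknown", "64.191.79.245")
LOOKALIKE = ("64.191.79.245.example.com", "192.0.2.10")

if __name__ == "__main__":
    for name, client in (("listed", LISTED), ("lookalike", LOOKALIKE)):
        print(name, "anchored  ", regex_lookup(ANCHORED, *client))
        print(name, "unanchored", regex_lookup(UNANCHORED, *client))
        print(name, "cidr      ", cidr_lookup(CIDR, client[1]))
```

In this model the unanchored pattern is the only form that returns an action for the lookalike hostname; the anchored pattern and the CIDR entry match only the listed address.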