This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can you add to WAF to look up another black list?

We seem to be having an issue where some ips are on a black list but not the ones that sophos look up.

Does any one know if it is possible to add in the back end for the WAF to look up another black list? instead of the detault?

Block clients with bad reputation: Based on GeoIPClosed and RBLClosed information you can block clients which have a bad reputation according to their classification. Sophos uses the following classification providers:

RBL sources:
•Commtouch IP Reputation (ctipd.org)
•http.dnsbl.sorbs.net

This thread was automatically locked due to age.

0 BAlfson over 7 years ago

Doing the following may void your warranty. Be sure to get a good backup off the UTM before you do anything at the command line.

I used cc get reverse_proxy blacklist dnsrbl_zones to see the following:

[
          'black.rbl.ctipd.astaro.local',
          'http.dnsbl.sorbs.net'
        ]

I don't know any other suppliers of lists of open proxies and TOR exit nodes, but they will need to work like http://www.sorbs.net/general/using.shtml.

If you wanted to add http.dnsbl.sorbs.net

cc
reverse_proxy
blacklist
dnsrbl_zones
+http.dnsbl.sorbs.net
exit

Afterwards, use the cc get command above to check your work.

Please share if you find another appropriate blacklist.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Can you add to WAF to look up another black list?

Submitted a Tech Support Case lately from the Support Portal?