On Wed, Apr 27, 2011 at 5:34 PM, Abdullah, Ayub <Ayub.Abdullah@...> wrote:
> We are currently using Mod_security 2.5.13 /CRS 2.10 in our environment and
> we were under the impression that Denial of service attacks was a newly
> added feature that allows this functionality. Well we have been running
It sounds like your referring to the new SecReadStateLimit directive.
For more details on that see:
> into all sorts of problems getting this set up correctly. At the moment we
> have enabled xforwarding for on our proxy servers which gives us the ability
> to identify offending IPs that are attacking us. We would like defend
> against these denial of service attacks using mod_security and the
> httpd-guardian tool.
httpd-guardian can help defend against DoS attacks as well, but may be
limited in some scenarios, e.g. multiple clients behind a single
> >From what I have read and assuming httpdguardian is already configured, we
> only need to add one line to the Apache configuration to deploy it:
> SecGuardianLog |/path/to/httpd-guardian
> When I insert the above line it blocks all IPs to the site. How do I
> configure this to blacklist just the offending IP?
What are the $THRESHOLD_1MIN and $THRESHOLD_5MIN variables set to in