Just Launched: You can now import projects and releases from Google Code onto SourceForge
We are excited to release new functionality to enable a 1-click import from Google Code onto the Allura platform on SourceForge. You can import tickets, wikis, source, releases, and more with a few simple steps. Read More
I'm tring to mitigate slow read attack via SecWriteStateLimit and
My environment is varnish + apache with mod_rpaf to get real client IP.
slowhttptest -c 10 -B -u http://URL
The log contain:
[Mon Mar 12 17:19:05 2012] [warn] ModSecurity: Access denied with code
400. Too many threads  of 5 allowed in WRITE state from 82.85.Y.X -
Possible DoS Consumption Attack [Rejected]
[Mon Mar 12 17:19:08 2012] [warn] ModSecurity: Access denied with code
400. Too many threads  of 5 allowed in READ state from 127.0.0.1 -
Possible DoS Consumption Attack [Rejected
So: in write state the detected ip is fine, but with READ state is wrong.
I suppose that, detecting READ state, mod_rpaf operate too late, but I
don't know if there is a way to change this order.
Thanks a lot