I was wondering about setting up a brute force protection against a single
It happens I manage a busy site, and a I've got a bunch of customers
coming to me through large proxies.
This means I can't simply ban an IP
(as dictated by current brute force rule in 2.1.1),
but I'd like to stop a single client
(likely a script mimicking a real browser).
I thought about setting up a global collection
populated by hashing a cookie (different value for each customer).
SecRule REQUEST_COOKIES_NAMES:JSESSIONID "^(.*)$"
I could then try to modify the rules present in
modsecurity_crs_11_brute_force.conf to evaluate that variable.