Limit IP after X hits during N seconds for a duration of T seconds

[Matt R]

Hello all,
Been reading mod_qos documentation and it's a lot to comprehend (which is good!).

I'm trying to set it up on my apche envrionment so when tries to access specific URL let's say 200 times in 2 minutes I block them for 2 hours. I'll be using QS_ClientEventLimitCount for this purpose so I can display an error page for them which will serve some sort of Captcha mechanism which, if passed, would reset the counter. The goal is to prevent bruteforcing.

At this point I'm just using example for dos.html

QS_ClientEventLimitCount          20 120 SlowRequest
SetEnvIfPlus              Request_URI / SlowRequest=1
SetEnvIfPlus              Request_URI /generateReport.php SlowRequest=2
SetEnvIfPlus              Request_URI .*\.(jpg)|(jpeg)|(gif)|(png)|(js)|(css)$ !SlowRequest

The way I understanding
QS_ClientEventLimitCount 20 120 SlowRequest

Will limit IPs for 2 mins if they accessed URL 20 times in 2 minutes. Is there a way to limit them for a longer period?

[Pascal Buchbinder]

You can define any duration (second argument).

 QS_ClientEventLimitCount <number> [<seconds> [<variable>]]

But I don't think I understood your question.

[Matt R]

Right, but that duration is too short for me. From what I understand, if I set

QS_ClientEventLimitCount 20 120, it will block anyone who accessess resource 20 times in 2 minutes for only 2 minutes. I would like to block someone for longer than that - let's say an hour (meaning someone whoh accesses my resource 20 times in 2 minutes, I want to block them for 2 hours)

I think i found an answer however. It is in fact in the dos.html documentation and how it works, if someone reached that 20 hints / 2 mins twice within 120 minutes, block them for 120 minutes.

QS_ClientEventLimitCount  3 7200 RepeatedlySlow
QS_SetEnvIf      SlowRequest_Counter=20 RepeatedlySlow=1