Does ModSecurity have any protection against automated bots? Like spam bots etc lets say to block a user when a max # of sesions per specified connections are reached..? Anything similar to that possible?
[Ryan Barnett] You can certainly do this yourself by utilizing persistent collections. We have an anti-automation rule set option for our commercial support customers that can track access rates to either the entire site or if you wanted to trigger only on specific URLs you can also implement some Brute Force Detection mechanisms (for login pages, etc…).