My guess is the you have a load balancer in front on your site and makes all requests look line they come from one IP. 

Ryan Barnett

Lead Security Researcher, SpiderLabs



On Dec 23, 2013, at 9:29 AM, "Yogesh patel" <> wrote:


In Mod Security, To Prevent Slow HTTP Denial of service attack, i have used one solution from mod security. I used "SecReadStateLimit 50".
When i start apache and start opening my site in browser, it does not load site by "Problem in loading page". But when i saw apache error logs, then in logs,it printed like 
ModSecurity: Access denied with code 400. Too many threads [1920] of 50 allowed in READ state from - Possible DoS Consumption Attack [Rejected].

Can you help me that why it does not preventing from more than 50 request from one ip address?

Is there any mistake in implementation?



Yogesh Patel

Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
mod-security-users mailing list
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.