Have you tried using apache mod_evasion or mod_limitipconn?

On Wed, Apr 27, 2011 at 11:34 AM, Abdullah, Ayub <Ayub.Abdullah@ttb.gov> wrote:

Good Morning,

We are currently using Mod_security 2.5.13 /CRS 2.10 in our environment and we were under the impression that Denial of service attacks was a newly added feature that allows this functionality.† Well we have been running into all sorts of problems getting this set up correctly.† At the moment we have enabled xforwarding for on our proxy servers which gives us the ability to identify offending IPs that are attacking us.†† We would like defend against these denial of service attacks using mod_security and the httpd-guardian tool.

>From what I have read and assuming httpdguardian is already configured, we only need to add one line to the† Apache configuration to deploy it:

SecGuardianLog |/path/to/httpd-guardian

When I insert the above line it blocks all IPs to the site.† How do I configure this to blacklist just the offending IP?

WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. †Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
mod-security-users mailing list
ModSecurity Services from Trustwave's SpiderLabs:

David Gomes Guimar„es