In Mod Security, To Prevent Slow HTTP Denial of service attack, i have used one solution from mod security. I used "SecReadStateLimit 50".
When i start apache and start opening my site in browser, it does not load site by "Problem in loading page". But when i saw apache error logs, then in logs,it printed likeĀ 
ModSecurity: Access denied with code 400. Too many threads [1920] of 50 allowed in READ state from - Possible DoS Consumption Attack [Rejected].

Can you help me that why it does not preventing from more than 50 request from one ip address?

Is there any mistake in implementation?



Yogesh Patel