Hello All,

I am trying to implement a counter that will check number of 403 from IP address and if exceeded a fixed number/ per minutes redirect that IP to a custom page...

I thougt i could use the config to protect wordpress login, but no success.

Below is what i have tried  any comment will be appreciated.

I tried an attack that has generated 403 errors i tried it 15 times with ZAP but still not redirected/blocked.

I don't think that the part containing the 302 is required... Please let me know.

SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000500
    # Setup brute force detection.
    # React if block flag has been set.
    SecRule user:bf_block "@gt 0" "deny,redirect:https://OBFUSCATED/blocked.html,log,id:5000501,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
     SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000502"
    SecRule RESPONSE_STATUS "^403" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000503"
    SecRule ip:bf_counter "@gt 3" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"