Fixed in the trunk. We will release 2.7.1 soon with this fix.



On Fri, Oct 19, 2012 at 4:34 AM, Kristof Baute <> wrote:

I am testing 2.7.0 on an ubuntu box (10.04 64bits) running apache 2.2.14. I have built the source with default options (./configure).

With the DoS rules enabled I get a 500 instead of a connection drop:

19/Oct/2012:11:08:37 +0200] [][rid#7f51ef849b48][/some/path [1] Access denied with code
500 (phase 1) (Error: Connection drop not implemented on this platform). Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity/rules/activated_rules/modsecurity_crs_11_dos_protection.conf"] [line "11"] [id "981044"] [msg "Denial of Service (DoS) Attack Identified from (93 hits since last alert)"]

This problem does not occur with version 2.6.8



Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
mod-security-users mailing list
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: