Kristol,

Fixed in the trunk. We will release 2.7.1 soon with this fix.

Thanks

Breno

On Fri, Oct 19, 2012 at 4:34 AM, Kristof Baute <kbaute@reference.be> wrote:
Hi,

I am testing 2.7.0 on an ubuntu box (10.04 64bits) running apache 2.2.14. I have built the source with default options (./configure).

With the DoS rules enabled I get a 500 instead of a connection drop:

19/Oct/2012:11:08:37 +0200] [www.somesite.com/sid#7f51ef5f37d0][rid#7f51ef849b48][/some/path [1] Access denied with code
500 (phase 1) (Error: Connection drop not implemented on this platform). Operator EQ matched 0 at IP. [file "/etc/apache2/modsecurity/rules/activated_rules/modsecurity_crs_11_dos_protection.conf"] [line "11"] [id "981044"] [msg "Denial of Service (DoS) Attack Identified from 1.1.1.1 (93 hits since last alert)"]

This problem does not occur with version 2.6.8

Regards,

Kristof

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/