[mod-security-users] Logging but not Blocking
From: Julius T. <enk...@gm...> - 2014-12-05 20:58:29
I have set up rules for the slowloris attack on my CentOS 6 server using mod_security. My log shows that the attack is being blocked, but when I try to reload my page while attacking the server, it still hangs.

Here is the error_log:

    [warn] ModSecurity: Access denied with code 400. Too many threads [255] of 100 allowed in READ state from ***** - Possible DoS Consumption Attack [Rejected]

It is clearly not blocking the attack.

Here is the rule:

    SecConnReadStateLimit 100
    SecConnWriteStateLimit 100

    <IfModule reqtimeout_module>
    RequestReadTimeout body=30
    </IfModule>

    SecRule RESPONSE_STATUS "@streq 408" "phase:5,id:'981051',t:none,nolog,pass,setvar:ip.slow_dos_counter=+1,expirevar:ip.slow_dos_counter=60"
    SecRule IP:SLOW_DOS_COUNTER "@gt 5" "phase:1,id:'981052',t:none,log,drop,msg:'Client Connection Dropped due to high # of slow DoS alerts'"

I do have reqtimeout installed too. I am running the latest Apache version 2.2 with mod_security version 2.8. Is there something else that needs to be fixed?
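Added example, not part of the original post: a small Python parser for the "Too many threads" rejection message quoted above, which tallies rejections per source and connection state and shows how far the observed thread count sits above the configured limit. The sample log lines, timestamps and 192.0.2.x / 198.51.100.x addresses are constructed; the function names `summarize` and `report` are hypothetical.

```python
import re
from collections import defaultdict

# Message format taken from the error_log line quoted in the post.
REJECT_RE = re.compile(
    r"ModSecurity: Access denied with code (?P<code>\d+)\. "
    r"Too many threads \[(?P<threads>\d+)\] of (?P<limit>\d+) allowed in "
    r"(?P<state>READ|WRITE) state from (?P<src>\S+) - "
    r"Possible DoS Consumption Attack \[Rejected\]"
)

# Constructed sample input: timestamps and addresses are made up for illustration.
SAMPLE_LOG = """\
[Fri Dec 05 20:50:01 2014] [warn] ModSecurity: Access denied with code 400. Too many threads [255] of 100 allowed in READ state from 192.0.2.10 - Possible DoS Consumption Attack [Rejected]
[Fri Dec 05 20:50:02 2014] [warn] ModSecurity: Access denied with code 400. Too many threads [254] of 100 allowed in READ state from 192.0.2.10 - Possible DoS Consumption Attack [Rejected]
[Fri Dec 05 20:50:02 2014] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
[Fri Dec 05 20:50:03 2014] [warn] ModSecurity: Access denied with code 400. Too many threads [101] of 100 allowed in WRITE state from 198.51.100.7 - Possible DoS Consumption Attack [Rejected]
"""


def summarize(lines):
    """Group rejections by (source, state): count, peak thread count, limit."""
    stats = defaultdict(lambda: {"rejections": 0, "peak_threads": 0, "limit": 0})
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # unrelated error_log entry
        entry = stats[(m["src"], m["state"])]
        entry["rejections"] += 1
        entry["peak_threads"] = max(entry["peak_threads"], int(m["threads"]))
        entry["limit"] = int(m["limit"])
    return dict(stats)


def report(stats):
    """One line per (source, state), showing how far the peak exceeds the limit."""
    rows = []
    for (src, state), e in sorted(stats.items()):
        over = e["peak_threads"] - e["limit"]
        rows.append(f"{src} {state}: {e['rejections']} rejected, "
                    f"peak {e['peak_threads']}/{e['limit']} (+{over} over limit)")
    return rows


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG.splitlines()))))
```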