[mod-security-users] How to limit access rate by header?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

First of all, I'm new here so I'm not sure this is the right place for
asking for help (free modsec version). If it's not, I'll really appreciate
it if you can tell me where should I go.

I'm trying to limit hit rate by:

1. Request's header (like "facebookexternalhit").
2. (All hits to non static resources)

And then return a friendly "429 Too Many Requests" and "Retry-After: 3"
(seconds).
I know I can read a file of headers like:

SecRule REQUEST_HEADERS:User-Agent "@pmFromFile ratelimit-bots.txt"

But I'm getting trouble building the entire rule.

Any help would be really appreciated. Thank you!