[mod-security-users] Retry-After header not being set?
From: Jamie B. <ja...@ib...> - 2022-02-15 15:35:41
Hi
I’m using the following to rate limit requests:
<LocationMatch "^/foo">
SecAction initcol:ip=%{REMOTE_ADDR},pass,nolog,id:100
SecAction "phase:5,deprecatevar:ip.hitcounter=1/10,pass,nolog,id:102"
SecRule IP:HITCOUNTER "@gt 60" \
    "phase:2,pause:300,deny,status:429,setenv:RATELIMITED,skip:1,nolog,id:103"
SecAction "phase:2,pass,setvar:ip.hitcounter=+1,nolog,id:104"
Header always set Retry-After "10" env=RATELIMITED
</LocationMatch>
The limiting is working as expected, with a 429 response code when reached
but there is no Retry-After header shown in the response. Can anyone help
me to figure out why?
Thanks
Jamie