|
From: Brent C. <bre...@gm...> - 2022-03-11 07:40:39
|
Hiya If you want to look to some type of rate limiting.? Rather look to Apaches mod_evasive module. Mod_evasive monitors incoming requests for suspicious activity from one IP, such as: Several requests for the same page in one second. More than 50 simultaneous requests per second. Requests made while the IP is temporarily blacklisted. The module sends a 403 error if any of these things happen. HTH Regards Brent On 2022/03/11 05:59, Patrick Rynhart wrote: > > Hi all, > > I’m wanting to introduce IP based rate limiting protection to our > Apache config, and am basing my config off this Gist: > > https://gist.github.com/josnidhin/91d1ea9cd71fde386c27a9228476834e > > I’m wanting to understand the line: > > SecRule IP:ACCESS_COUNT "@gt {{ burst_rate_limit }}" > "phase:2,pause:300,deny,status:503,setenv:RATELIMITED,skip:1,nolog,id:102" > > In particular what are the units associated with burst_rate_limit ? > What does it mean if you set this variable to a value like 100 ? > (Does this correspond to a rate of 100 per minute ? If not, what does > it correspond to ?) > > Thanks, > > Patrick > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
