|
From: Christian F. <chr...@ne...> - 2022-03-11 08:14:26
|
Honestly, I have no idea what this is. It does not look like a ModSecurity variable at all. What you want to achieve can be done by applying the DOS rules in the CRS. However, while several users report good experience with them, I'm not a fan and they are on the way to be removed from the rule set and shifted into an optional plugin. But you may want to try for yourself. Other than that mod_evasive is a traditional module used for this purpose, yet as you noted more for the overall server. An alternative is mod_qos which can be configured in a more granular way. But please wear a helmet when working with mod_qos, it's a bit of a beast. Best, Christian On Fri, Mar 11, 2022 at 03:59:42AM +0000, Patrick Rynhart wrote: > Hi all, > > I’m wanting to introduce IP based rate limiting protection to our Apache config, and am basing my config off this Gist: > > https://gist.github.com/josnidhin/91d1ea9cd71fde386c27a9228476834e > > I’m wanting to understand the line: > > SecRule IP:ACCESS_COUNT "@gt {{ burst_rate_limit }}" "phase:2,pause:300,deny,status:503,setenv:RATELIMITED,skip:1,nolog,id:102" > > In particular what are the units associated with burst_rate_limit ? What does it mean if you set this variable to a value like 100 ? (Does this correspond to a rate of 100 per minute ? If not, what does it correspond to ?) > > Thanks, > > Patrick > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
