Re: [mod-security-users] Trying out "early blocking"
Brought to you by:
victorhora,
zimmerletw
From: Andrew H. <and...@ow...> - 2025-06-19 13:27:28
|
Hi Rakesh, That is a separate issue to the early blocking discussion thread. But you could try taking a look at your Apache logs and see what is causing your '400 Bad Request' responses. Likely, the bad requests are fundamentally malformed and cause an immediate 400 response from Apache. You could move the enforcement of your IP address deny list to somewhere before the ModSecurity stage if this is a problem and you need to ensure a consistent response. As early as possible is ideal, e.g. at a perimeter firewall. Thanks, Andrew |