List: mod-security-users
Subject: [mod-security-users] Race Conditions and mod_security Variables
From: Patrick Rynhart <P.Rynhart () massey ! ac ! nz>
Date: 2022-03-13 4:07:25
Message-ID: SYBPR01MB64643567551C9680837A1665C80E9 () SYBPR01MB6464 ! ausprd01 ! prod ! outlook ! com
Hi all,
Does mod_security have a race condition problem/issue with its variables, or am I doing something incorrect with my configuration? (See details below.)

I’m wanting to rate limit connections to a resource to no more than 20 requests in a minute. What I’m finding is that if (from a test client) I spawn connection requests as fast as possible, i.e.:
#!/bin/bash
for ((i=1;i<=3000;i++));
do
    nohup /usr/bin/curl -b /path/to/cookies https://myserver.url/fragile/script.php &
done
Then I was surprised to find that I could make far more than 20 requests – I got not 20 but more than 350 requests through via my test.
When I set:
SecDebugLog /var/log/httpd/modsec_debug.log
SecDebugLogLevel 9
I was able to see what was happening. This is modsec_debug grepped for “Set variable” and you can see that there’s an apparent race condition involving the variables as follows (note the short time period of 13 seconds):
[13/Mar/2022:16:50:39 +1300] \
[myserver.url/sid#56481359f968][rid#564813818810][/fragile/script.php][9] Set \
variable "ip.access_count" to "1". [13/Mar/2022:16:50:39 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "1". [13/Mar/2022:16:50:39 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "1". [13/Mar/2022:16:50:39 +1300] \
[myserver.url/sid#56481359f968][rid#564813826880][/fragile/script.php][9] Set \
variable "ip.access_count" to "1". [13/Mar/2022:16:50:40 +1300] \
[myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:40 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:40 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:40 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:40 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:40 +1300] \
[myserver.url/sid#56481359f968][rid#564813818810][/fragile/script.php][9] Set \
variable "ip.access_count" to "1". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#564813828890][/fragile/script.php][9] Set \
variable "ip.access_count" to "1". [13/Mar/2022:16:50:41 +1300] \
[myserver.url/sid#56481359f968][rid#5648138e3f70][/fragile/script.php][9] Set \
variable "ip.access_count" to "2". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3". [13/Mar/2022:16:50:42 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".
<< More than 300 lines with the same pattern as the above >>
[13/Mar/2022:16:50:51 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "19".
[13/Mar/2022:16:50:51 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "19".
[13/Mar/2022:16:50:51 +1300] \
[myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set \
variable "ip.access_count" to "20".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set \
variable "ip.access_count" to "20".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".
For “well behaved clients” there is no problem (i.e. if I send a request with a second pause etc between requests) – but the “fast as possible / brute force” incurs the above.

Looking at the Apache logs – for my 3,000 brute force connection attempts, I got 358 with HTTP Code 200, and 2642 with HTTP Code 429 (not 20 and 2950 respectively as expected).

Is this a bug with mod_security? Is there any way to avoid/work around the above – even if it incurs some performance overhead?
My complete mod_security config is:
<IfModule mod_security2.c>
    SecRuleEngine On
    SecRequestBodyAccess Off
    SecResponseBodyAccess Off
    SecDebugLog /var/log/httpd/modsec_debug.log
    SecDebugLogLevel 9
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogParts ABIJDEFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/httpd/modsec_audit.log
    SecArgumentSeparator &
    SecCookieFormat 0
    SecTmpDir /var/lib/mod_security
    SecDataDir /var/lib/mod_security

    <LocationMatch "^/fragile/script.php.*">
        # initialise the state based on X-Forwarded-For ip address
        SecRule REQUEST_HEADERS:X-Forwarded-For "@unconditionalMatch" \
            "phase:2,initcol:ip=%{MATCHED_VAR},pass,nolog,id:100"
        # deny with 429 once the counter exceeds 20
        SecRule IP:ACCESS_COUNT "@gt 20" \
            "phase:2,deny,status:429,setenv:RATELIMITED,skip:1,nolog,id:102"
        # otherwise count this request
        SecAction "phase:2,setvar:ip.access_count=+1,pass,nolog,id:103"
        # decrease the counter by 20 every 60 seconds
        SecAction "phase:5,ctl:auditEngine=On,deprecatevar:ip.access_count=20/60,pass,nolog,id:104"
        Header always set Retry-After "10" env=RATELIMITED
    </LocationMatch>

    ErrorDocument 429 "Rate Limited"
</IfModule>
Thanks in Advance,
Patrick
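
Added example (not part of the original message and not ModSecurity code): a Python sketch that counts how often each counter value appears in "Set variable" debug lines, then models a limiter whose check runs against a stale copy of the counter. It assumes, consistent with the quoted log, that requests in flight together read the same stored value and each write back that value plus one; the sample log lines, the function names and the concurrency of 17 are constructed for illustration.

```python
import re
from collections import Counter

# Matches the "Set variable" entries written at SecDebugLogLevel 9, in the
# layout quoted in the message above.
SET_VAR = re.compile(r'Set variable "(?P<name>[^"]+)" to "(?P<value>\d+)"\.')


def writes_per_value(lines, name="ip.access_count"):
    """Count how many debug-log entries set `name` to each value."""
    counts = Counter()
    for line in lines:
        m = SET_VAR.search(line)
        if m and m.group("name") == name:
            counts[int(m.group("value"))] += 1
    return counts


def stale_writes(counts):
    """Writes that repeated a value some other request had already set.

    If increments were serialised, every value would appear exactly once
    and this would be 0.
    """
    return sum(n - 1 for n in counts.values())


def simulate(total, concurrency, limit=20, atomic=False):
    """Return how many of `total` requests pass a 'deny if counter > limit,
    otherwise increment' check (the logic of rules 102 and 103).

    Assumed model, not taken from ModSecurity source: requests arrive in
    groups of `concurrency`. In the non-atomic case every request in a group
    reads the same stored counter, checks it, and writes back that value + 1,
    so the group advances the counter by one. In the atomic case the check
    and the increment happen as one step per request. The 60 second decay
    (deprecatevar) is ignored because the modelled burst is shorter.
    """
    stored = 0
    allowed = 0
    remaining = total
    while remaining:
        group = min(concurrency, remaining)
        remaining -= group
        if atomic:
            for _ in range(group):
                if stored > limit:
                    continue          # denied (HTTP 429 in the config above)
                stored += 1
                allowed += 1
        else:
            snapshot = stored         # one stale read shared by the group
            if snapshot > limit:
                continue              # whole group denied
            allowed += group          # whole group passes the same check
            stored = snapshot + 1     # all writers store the same value
    return allowed


def _sample_line(second, value):
    # Constructed entry in the layout of the quoted log; the date, host,
    # sid and rid are placeholders.
    return (f'[01/Jan/2000:00:00:{second:02d} +0000] '
            '[example.test/sid#0000][rid#0000][/fragile/script.php][9] '
            f'Set variable "ip.access_count" to "{value}".')


# Constructed sample: three requests set the counter to 1, two set it to 2,
# one sets it to 3, plus one line that is not a "Set variable" entry.
SAMPLE_LOG = (
    [_sample_line(1, 1)] * 3
    + [_sample_line(2, 2)] * 2
    + [_sample_line(3, 3)]
    + ['[01/Jan/2000:00:00:03 +0000] constructed unrelated debug entry']
)

if __name__ == "__main__":
    counts = writes_per_value(SAMPLE_LOG)
    print("writes per value:", dict(sorted(counts.items())))
    print("stale writes:", stale_writes(counts))
    # 3000 requests, limit 20, as in the test described in the message.
    print("stale-read model, 17 in flight:", simulate(3000, 17))
    print("atomic check-and-increment:   ", simulate(3000, 17, atomic=True))
```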
[Attachment #3 (text/html)]
<html xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Menlo;
panose-1:2 11 6 9 3 8 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
p.p1, li.p1, div.p1
{mso-style-name:p1;
margin:0cm;
font-size:8.5pt;
font-family:Menlo;
color:black;}
span.s1
{mso-style-name:s1;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-NZ" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hi all,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Does mod_security have a race condition \
problem/issue with its variables, or am I doing something incorrect with my \
configuration ? (See details below.)<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">I’m wanting to rate limit connections to a \
resource to no more than 20 requests in a minute. What I’m finding is that if \
(from a test client) I spawn connection requests as fast as possible, \
i.e.:<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p> </o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">#!/bin/bash<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">for ((i=1;i<=3000;i++));<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US">do<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
lang="EN-US"> \
nohup /usr/bin/curl -b /path/to/cookies <a \
href="https://myserver.url/fragile/script.php">https://myserver.url/fragile/script.php</a> \
&<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">done<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p> </o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">Then I was surprised to find that I could far more than 20 requests – I \
got not 20 but more than 350 requests through via my test. \
<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p> </o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US">When I set:<o:p></o:p></span></p> <p class="p1"><span \
class="apple-converted-space"> </span><span class="s1">SecDebugLog \
/var/log/httpd/modsec_debug.log</span><o:p></o:p></p> <p class="p1"><span \
class="apple-converted-space"> </span><span class="s1">SecDebugLogLevel \
9</span><o:p></o:p></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p> </o:p></span></p> <p class="MsoNormal"><span lang="EN-US">I \
was able to see what was happening. This is modsec_debug grepped for “Set \
variable” and you can see that there’s an apparent race condition involving the \
variables as follows (note the short time period of 13 \
seconds):<o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p> </o:p></span></p> <p class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;background:#1396A3;mso-fareast-language:EN-GB">[</span><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">13/Mar/2022:16:50:39 \
+1300<span style="background:#1396A3">]</span> \
[myserver.url/sid#56481359f968][rid#564813818810][/fragile/script.php][9] Set \
variable "ip.access_count" to "1".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:39 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "1".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:39 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "1".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:39 \
+1300] [myserver.url/sid#56481359f968][rid#564813826880][/fragile/script.php][9] Set \
variable "ip.access_count" to "1".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:40 \
+1300] [myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:40 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:40 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:40 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:40 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:40 \
+1300] [myserver.url/sid#56481359f968][rid#564813818810][/fragile/script.php][9] Set \
variable "ip.access_count" to "1".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#564813828890][/fragile/script.php][9] Set \
variable "ip.access_count" to "1".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:41 \
+1300] [myserver.url/sid#56481359f968][rid#5648138e3f70][/fragile/script.php][9] Set \
variable "ip.access_count" to "2".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span \
style="font-size:8.5pt;font-family:Menlo;color:black;mso-fareast-language:EN-GB">[13/Mar/2022:16:50:42 \
+1300] [myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "3".<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal"><b><span lang="EN-US"><< More than 300 lines with the same \
pattern as the above >><o:p></o:p></span></b></p> <p class="MsoNormal"><span \
lang="EN-US"><o:p> </o:p></span></p> <p class="p1"><span \
class="s1">[13/Mar/2022:16:50:51 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "19".</span><o:p></o:p></p> <p \
class="p1"><span class="s1">[13/Mar/2022:16:50:51 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "19".</span><o:p></o:p></p> <p \
class="p1"><span class="s1">[13/Mar/2022:16:50:51 +1300] \
[myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set \
variable "ip.access_count" to "20".</span><o:p></o:p></p> <p \
class="p1"><span class="s1">[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set \
<p class="p1"><span class="s1">[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".</span><o:p></o:p></p> <p \
class="p1"><span class="s1">[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".</span><o:p></o:p></p> <p \
class="p1"><span class="s1">[13/Mar/2022:16:50:52 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "21".</span><o:p></o:p></p> <p \

For “well behaved clients” there is no problem (i.e. if I send a request with a second pause etc between requests) – but the “fast as possible / brute force” incurs the above.

Looking at the Apache logs – for my 3,000 brute force connection attempts, I got 358 with HTTP Code 200, and 2642 with HTTP Code 429 (not 20 and 2950 respectively as expected).

Is this a bug with mod_security? Is there any way to avoid/workaround the above – even if it incurs some performance overhead?

My complete mod_security config is:

<IfModule mod_security2.c>
    SecRuleEngine On
    SecRequestBodyAccess Off
    SecResponseBodyAccess Off
    SecDebugLog /var/log/httpd/modsec_debug.log
    SecDebugLogLevel 9
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogParts ABIJDEFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/httpd/modsec_audit.log
    SecArgumentSeparator &
    SecCookieFormat 0
    SecTmpDir /var/lib/mod_security
    SecDataDir /var/lib/mod_security

    <LocationMatch "^/fragile/script.php.*">
        # initialise the state based on X-Forwarded-For ip address
        SecRule REQUEST_HEADERS:X-Forwarded-For "@unconditionalMatch" "phase:2,initcol:ip=%{MATCHED_VAR},pass,nolog,id:100"
        SecRule IP:ACCESS_COUNT "@gt 20" "phase:2,deny,status:429,setenv:RATELIMITED,skip:1,nolog,id:102"
        SecAction "phase:2,setvar:ip.access_count=+1,pass,nolog,id:103"
        SecAction "phase:5,ctl:auditEngine=On,deprecatevar:ip.access_count=20/60,pass,nolog,id:104"
        Header always set Retry-After
    </LocationMatch>

    ErrorDocument 429 "Rate Limited"

Thanks in Advance,

Patrick
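
Added example, not part of the original message or of ModSecurity: a Python script that reads "Set variable" entries in the debug-log format quoted above and reports counter values that were written more than once, which is the symptom the message describes. The sample log text is constructed from that format, the function names and the "ip.other" variable are hypothetical, and it assumes the capture is shorter than the 60-second deprecatevar interval in the posted config.

```python
import re
from collections import Counter

# One "Set variable" entry in the debug-log format quoted in the message.
ENTRY = re.compile(
    r'\[(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]\s+'
    r'\[[^\]/]+/sid#[0-9a-f]+\]\[rid#(?P<rid>[0-9a-f]+)\]'
    r'\[(?P<uri>[^\]]*)\]\[\d\]\s+'
    r'Set\s+variable\s+"(?P<name>[^"]+)"\s+to\s+"(?P<value>-?\d+)"\.'
)

def set_variable_writes(text, name="ip.access_count"):
    """Return (timestamp, value) for each write to `name`, in log order."""
    # The list archive wraps long lines with a trailing backslash; undo that
    # so archived excerpts and the raw log file parse the same way.
    text = re.sub(r'\s*\\\r?\n', ' ', text)
    return [(m["ts"], int(m["value"]))
            for m in ENTRY.finditer(text) if m["name"] == name]

def summarize(writes):
    """Count writes per value; a serialised +1 counter writes each value once.

    Assumption: the capture is shorter than the deprecatevar interval, so the
    counter never legitimately returns to an earlier value.
    """
    per_value = Counter(value for _, value in writes)
    return {
        "writes": len(writes),                  # setvar executions logged
        "distinct_values": len(per_value),
        "stale_writes": len(writes) - len(per_value),
        "repeated": {v: n for v, n in sorted(per_value.items()) if n > 1},
    }

# Constructed sample: two wrapped entries as the archive shows them, then two
# unwrapped entries as in the log file; "ip.other" is a made-up variable
# included to show that other collections are filtered out.
SAMPLE = r'''[13/Mar/2022:16:50:39 +1300] \
[myserver.url/sid#56481359f968][rid#564813818810][/fragile/script.php][9] Set \
variable "ip.access_count" to "1". [13/Mar/2022:16:50:39 +1300] \
[myserver.url/sid#56481359f968][rid#564813816870][/fragile/script.php][9] Set \
variable "ip.access_count" to "1".
[13/Mar/2022:16:50:40 +1300] [myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set variable "ip.access_count" to "2".
[13/Mar/2022:16:50:40 +1300] [myserver.url/sid#56481359f968][rid#564813818880][/fragile/script.php][9] Set variable "ip.other" to "7".
'''

if __name__ == "__main__":
    print(summarize(set_variable_writes(SAMPLE)))
```

A non-zero "stale_writes" means that more than one request wrote the same counter value, so the rule 102 check was made against a value that another request had already read.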