logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod_security crs_11_slow_dos_protection rule False Positive
Author
pipetka



Joined: 31 Mar 2014
Posts: 1

PostPosted: Mon 31 Mar '14 13:44    Post subject: mod_security crs_11_slow_dos_protection rule False Positive Reply with quote

Hi,

After modsecurity_crs_11_slow_dos_protection.conf rule activation I receive the following message in the browser:
The connection was reset

And have the following lines in the error.log

[:warn] [pid 4152:tid 1692] ModSecurity: Access denied with code 400. Too many threads [1920] of 250 allowed in READ state from 172.16.1.222 - Possible DoS Consumption Attack [Rejected]

It seems that the cause of such behavior is
SecReadStateLimit 250 variable in modsecurity_crs_11_slow_dos_protection.conf file.

Is that a normal having 1920 threads from one page in the browser? How can I resolve the issue?


Thank you in advance
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

PostPosted: Thu 03 Apr '14 19:35    Post subject: Reply with quote

Best is to post mod_security questions at their list : https://lists.sourceforge.net/lists/listinfo/mod-security-users . The developers there are always willing to help.
Back to top


Reply to topic   Topic: mod_security crs_11_slow_dos_protection rule False Positive View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules