Hi, You can have something like: SecReadStateLimit <number of limited connections in SERVER_BUSY_STATE> SecWriteStateLimit <number of limited connections in SERVER_BUSY_STATE>
Eg.: SecReadStateLimit 10 SecWriteStateLimit 10 This means only 10 connections will be established in SERVER_BUSY_STATE. Can help in preventing SlowDOS attack. OR you can block with the UserAgent, if it is same and specific for attacker only. On Fri, Sep 14, 2012 at 8:09 AM, 闫振宇 <yanzhe...@55tuan.com> wrote: > ** > > Hi,all > I notice a specific URL of my webserver has been accessed frequently > by several ip addresses. This url is a login page.I blocked some IPs with > firewall,but it seems that the attacker change to a new ip and continue > trying to visit. > How do I block this sort of attack ? Thanks for any idea. > > > 2012-09-14 > ------------------------------ > > > 闫振宇 系统部 > > ************************************************************************ > > *窝窝商城(中国)有限公司***** > > 地址:北京市海淀区农大南路1号硅谷亮城9号楼 邮编:100084 > > 电话:+86-10-59065069 传真:+86-10-59065678**** > > Mob:+86-13261949497 > > E-mail:yanzhe...@55tuan.com www.55tuan.com**** > > > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > > -- Regards, Sanchit
<<17742_17742_Catc(05-30-01-05-39).jpg>>
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
