Issue with Mod security and SecConnReadStateLimit
I am trying to use the SecConnReadStateLimit directive to limit the number of connections per IP. If I set the limit to anything smaller than 256, the website is completely inaccessible. For example, if I set it to 100, here is what I saw in the error log:
[256] of 100 allowed in READ state from 95.133.46.57 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.432585 2016] [:warn] [pid 29864] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 95.89.152.232 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.533879 2016] [:warn] [pid 29840] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 1.23.209.87 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.545343 2016] [:warn] [pid 29865] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 84.176.200.114 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.608299 2016] [:warn] [pid 29838] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 198.254.253.79 - Possible DoS Consumption Attack [Rejected]
If I set it to 256, the website is accessible but it seems like no limit is applied at all. Mod Security 2.9.0 WHM 54.0 (build 21)
Hello :) Are you able to reproduce this issue when accessing a website associated with another account, or with a static HTML test page on the same domain name? Thank you.
I don't actually want to play with my production server again. It is definitely a bug with mod security. Somebody else has reported it here as well: SecConn[Read/Write]StateLimit Instantly hits limit - ap_get_scoreboard_worker method failing · Issue #843 · SpiderLabs/ModSecurity · GitHub. I ended up using another mod to solve the problem with mod_limitipconn from mod_limitipconn.c.
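An added example, not part of the original thread and not ModSecurity's own code: a triage script for the rejection lines quoted in the question. It groups them by client IP and flags the pattern visible above, where every distinct IP is reported with the same thread count. The function names, the `min_ips` threshold, the WRITE-state variant of the message and the sample lines (documentation-range IPs) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Rejection message as quoted in the thread for SecConnReadStateLimit.
# The WRITE alternative is assumed to mirror the READ form.
REJECT_RE = re.compile(
    r"Too many threads \[(?P<count>\d+)\] of (?P<limit>\d+) allowed in "
    r"(?P<state>READ|WRITE) state from (?P<ip>[0-9a-fA-F:.]+)"
)

def parse_rejections(lines):
    """Return (ip, count, limit, state) for every matching log line."""
    hits = []
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            hits.append((m["ip"], int(m["count"]), int(m["limit"]), m["state"]))
    return hits

def summarize(lines, min_ips=3):
    """Group rejections by IP and flag a uniform reported count.

    Heuristic (an assumption of this example): when at least `min_ips`
    distinct clients are all reported with exactly the same thread count,
    the number is unlikely to be a genuine per-IP count.
    """
    per_ip = defaultdict(set)
    for ip, count, _limit, _state in parse_rejections(lines):
        per_ip[ip].add(count)
    all_counts = set().union(*per_ip.values())
    return {
        "distinct_ips": len(per_ip),
        "counts_seen": sorted(all_counts),
        "suspect_miscount": len(per_ip) >= min_ips and len(all_counts) == 1,
    }

# Constructed sample lines in the quoted format (documentation-range IPs).
SAMPLE = [
    "[:warn] [pid 1001] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 192.0.2.10 - Possible DoS Consumption Attack [Rejected]",
    "[:warn] [pid 1002] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 198.51.100.7 - Possible DoS Consumption Attack [Rejected]",
    "[:warn] [pid 1003] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 203.0.113.44 - Possible DoS Consumption Attack [Rejected]",
    "[:notice] [pid 1000] unrelated line that must be ignored",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run against a real error log, a `suspect_miscount` of `True` points at the counter rather than at the clients, so the limit should be validated on a test host before it is enforced in production.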