I am trying to use SecConnReadStateLimit directive to limit the number of connections per IP. If I set the limit to be anything smaller than 256, the website is completely unaccessible. For example, if I set it to 100, here is what I saw from the error log:
If I set it to 256, the website is accessible but it seems like no limit is applied at all.
Mod Security 2.9.0
WHM 54.0 (build 21)
Code:
[256] of 100 allowed in READ state from 95.133.46.57 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.432585 2016] [:warn] [pid 29864] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 95.89.152.232 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.533879 2016] [:warn] [pid 29840] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 1.23.209.87 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.545343 2016] [:warn] [pid 29865] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 84.176.200.114 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.608299 2016] [:warn] [pid 29838] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 198.254.253.79 - Possible DoS Consumption Attack [Rejected]
Mod Security 2.9.0
WHM 54.0 (build 21)
Last edited by a moderator: