Issue with Mod security and SecConnReadStateLimit

sfcheng77

Registered
Apr 16, 2016
4
0
1
austin
cPanel Access Level
Website Owner
I am trying to use SecConnReadStateLimit directive to limit the number of connections per IP. If I set the limit to be anything smaller than 256, the website is completely unaccessible. For example, if I set it to 100, here is what I saw from the error log:
Code:
[256] of 100 allowed in READ state from 95.133.46.57 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.432585 2016] [:warn] [pid 29864] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 95.89.152.232 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.533879 2016] [:warn] [pid 29840] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 1.23.209.87 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.545343 2016] [:warn] [pid 29865] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 84.176.200.114 - Possible DoS Consumption Attack [Rejected]
[Fri Apr 15 23:23:55.608299 2016] [:warn] [pid 29838] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 198.254.253.79 - Possible DoS Consumption Attack [Rejected]
If I set it to 256, the website is accessible but it seems like no limit is applied at all.

Mod Security 2.9.0
WHM 54.0 (build 21)
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello :)

Are you able to reproduce this issue when accessing a website associated with another account, or with a static HTML test page on the same domain name?

Thank you.