The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Issue with Mod security and SecConnReadStateLimit

Discussion in 'Security' started by sfcheng77, Apr 16, 2016.

Tags:
  1. sfcheng77

    sfcheng77 Registered

    Joined:
    Apr 16, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    austin
    cPanel Access Level:
    Website Owner
    I am trying to use SecConnReadStateLimit directive to limit the number of connections per IP. If I set the limit to be anything smaller than 256, the website is completely unaccessible. For example, if I set it to 100, here is what I saw from the error log:
    Code:
    [256] of 100 allowed in READ state from 95.133.46.57 - Possible DoS Consumption Attack [Rejected]
    [Fri Apr 15 23:23:55.432585 2016] [:warn] [pid 29864] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 95.89.152.232 - Possible DoS Consumption Attack [Rejected]
    [Fri Apr 15 23:23:55.533879 2016] [:warn] [pid 29840] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 1.23.209.87 - Possible DoS Consumption Attack [Rejected]
    [Fri Apr 15 23:23:55.545343 2016] [:warn] [pid 29865] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 84.176.200.114 - Possible DoS Consumption Attack [Rejected]
    [Fri Apr 15 23:23:55.608299 2016] [:warn] [pid 29838] ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from 198.254.253.79 - Possible DoS Consumption Attack [Rejected]
    
    If I set it to 256, the website is accessible but it seems like no limit is applied at all.

    Mod Security 2.9.0
    WHM 54.0 (build 21)
     
    #1 sfcheng77, Apr 16, 2016
    Last edited by a moderator: Apr 16, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Are you able to reproduce this issue when accessing a website associated with another account, or with a static HTML test page on the same domain name?

    Thank you.
     
  3. sfcheng77

    sfcheng77 Registered

    Joined:
    Apr 16, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    austin
    cPanel Access Level:
    Website Owner
Loading...

Share This Page