Are the IMH modsecurity rules compliant with apache 2.4.6?
When I upgraded from apache 2.2.x to apache 2.4.6 through EasyApache, no sites would serve because apache wouldn't run. The following errors were showing up:
ModSecurity: Access denied with code 400. Too many threads [16384] of 100 allowed in READ state from 9.9.9.9 - Possible DoS Consumption Attack [Rejected]
Note: actual changed ip to 9.9.9.9 just for this post. It wasn't a DoS attack though, it seems some of the rules might have been bad because as soon as modsecurity was removed, easyapache update re-run, apache started and served fine and there was no DoS attack underway.
Need to know if there are changes needed to the modsecurity configuration when upgrading apache from 2.2.x to 2.4.x.
ModSecurity: Access denied with code 400. Too many threads [16384] of 100 allowed in READ state from 9.9.9.9 - Possible DoS Consumption Attack [Rejected]
Note: actual changed ip to 9.9.9.9 just for this post. It wasn't a DoS attack though, it seems some of the rules might have been bad because as soon as modsecurity was removed, easyapache update re-run, apache started and served fine and there was no DoS attack underway.
Need to know if there are changes needed to the modsecurity configuration when upgrading apache from 2.2.x to 2.4.x.