Changing drop action example, setting number of attempts.

2025-08-14 13:56:01 +03:00 · 2015-02-25 14:27:43 -03:00 · 2015-02-25 14:27:43 -03:00 · 507b7bacf9
commit 507b7bacf9
parent 6a4ea0d97b
1 changed files with 1 additions and 1 deletions
--- a/Reference-Manual.mediawiki
+++ b/Reference-Manual.mediawiki
@ -2989,7 +2989,7 @@ Counter values are always positive, meaning that the value will never go below z
 <pre>
 SecAction phase:1,id:109,initcol:ip=%{REMOTE_ADDR},nolog
 SecRule ARGS:login "!^$" "nolog,phase:1,id:110,setvar:ip.auth_attempt=+1,deprecatevar:ip.auth_attempt=25/120"
-SecRule IP:AUTH_ATTEMPT "@gt 0" "log,drop,phase:1,id:111,msg:'Possible Brute Force Attack'"
+SecRule IP:AUTH_ATTEMPT "@gt 25" "log,drop,phase:1,id:111,msg:'Possible Brute Force Attack'"
 </pre>

 ; Note : This action is currently not available on Windows based builds.