From 6a4ea0d97b1ad4ccfb9e958b3ce28ec7805592f4 Mon Sep 17 00:00:00 2001
From: niloct <nilo.teixeira@gmail.com>
Date: Wed, 25 Feb 2015 10:32:03 -0300
Subject: [PATCH] Fixed drop action example (with deprecatevar action).

---
 Reference-Manual.mediawiki | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Reference-Manual.mediawiki b/Reference-Manual.mediawiki
index bb3ffe3..a0a803f 100644
--- a/Reference-Manual.mediawiki
+++ b/Reference-Manual.mediawiki
@@ -2988,8 +2988,8 @@ Counter values are always positive, meaning that the value will never go below z
 '''Example:''' The following example initiates an IP collection for tracking Basic Authentication attempts. If the client goes over the threshold of more than 25 attempts in 2 minutes, it will DROP subsequent connections.
 <pre>
 SecAction phase:1,id:109,initcol:ip=%{REMOTE_ADDR},nolog
-SecRule ARGS:login "!^$" "nolog,phase:1,id:110,setvar:ip.auth_attempt=+1,deprecatevar:ip.auth_attempt=20/120"
-SecRule IP:AUTH_ATTEMPT "@gt 25" "log,drop,phase:1,id:111,msg:'Possible Brute Force Attack'"
+SecRule ARGS:login "!^$" "nolog,phase:1,id:110,setvar:ip.auth_attempt=+1,deprecatevar:ip.auth_attempt=25/120"
+SecRule IP:AUTH_ATTEMPT "@gt 0" "log,drop,phase:1,id:111,msg:'Possible Brute Force Attack'"
 </pre>
 
 ; Note : This action is currently not available on Windows based builds.