From b96c3591530166e9a5b0ed4ddc2713e549220b30 Mon Sep 17 00:00:00 2001
From: niloct
Date: Wed, 25 Feb 2015 10:29:16 -0300
Subject: [PATCH] Revert 7dc3e4c3ff83750da0ee0a9a3d7003c333036dde...dab38515976d1a1b8bbdf3de62024328599f3969 on Reference Manual
---
 Reference-Manual.mediawiki | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Reference-Manual.mediawiki b/Reference-Manual.mediawiki
index 55b9927..bb3ffe3 100644
--- a/Reference-Manual.mediawiki
+++ b/Reference-Manual.mediawiki
@@ -2988,7 +2988,7 @@ Counter values are always positive, meaning that the value will never go below z
 '''Example:''' The following example initiates an IP collection for tracking Basic Authentication attempts. If the client goes over the threshold of more than 25 attempts in 2 minutes, it will DROP subsequent connections.
 SecAction phase:1,id:109,initcol:ip=%{REMOTE_ADDR},nolog
-SecRule ARGS:login "!^$" "nolog,phase:1,id:110,setvar:ip.auth_attempt=+1,deprecatevar:ip.auth_attempt=25/120"
+SecRule ARGS:login "!^$" "nolog,phase:1,id:110,setvar:ip.auth_attempt=+1,deprecatevar:ip.auth_attempt=20/120"
 SecRule IP:AUTH_ATTEMPT "@gt 25" "log,drop,phase:1,id:111,msg:'Possible Brute Force Attack'"