Description
my env: centos7.4,nginx-1.13.12,modsecurity v3.0.2,modsecurity-nignx master, owasp-modsecurity-crs latest version
i want to test dos protection, i set 4 TX variables:DOS_BLOCK_TIMEOUT,DOS_COUNTER_THRESHOLD,DOS_BURST_TIME_SLICE,STATIC_EXTENSIONS
as desc,but it didn't work. and then i open the debug log config, and add a log at rule 912150.
SecRule ... logdata:'realip:%{tx.real_ip} - ip.dos_counter: %{ip.dos_counter}',\ ...
the result is,ip.dos_counter is null or 0?
follow is the mod audit log:
[data "realip:172.18.21.42 - ip.dos_counter: "]
debug log:
[8] Saving variable: IP:dos_counter with value: 1
No mater how much times i try,the log is always the same。
After many attempts,i find it works with modsecurity v3.0.0. the dos_counter can increased by 1,but
expirevar:ip.dos_block=%{tx.dos_block_timeout}" didn't work that make the ip blocked all the time unless i reload nginx.