SecRuleEngine Off must work . Have you tried to put SecRuleEngine inside Directory:
<Directory /var/www/site/phpMA>
SecRuleEngine Off
</Directory>
instead of LocationMatch ?
The mod_security
action deny
will produce a 403 response whereas drop
will immediately close the connection. From the manual:
drop
Description: Immediately initiate a "connection close" action to tear down the TCP connection by sending a FIN packet.
Action Group: Disruptive
Example: The following example initiates an IP collection for tracking Basic Authentication attempts. If the client goes over the threshold of more than 25 attempts in 2 minutes, it will DROP subsequent connections.
SecAction initcol:ip=%{REMOTE_ADDR},nolog
SecRule ARGS:login "!^$" \
nolog,phase:1,setvar:ip.auth_attempt=+1,deprecatevar:ip.auth_attempt=20/120
SecRule IP:AUTH_ATTEMPT "@gt 25" \
log,drop,phase:1,msg:'Possible Brute Force Attack"
Note
This action is extremely useful when responding to both Brute Force and Denial of Service attacks in that, in both cases, you want to minimize both the network bandwidth and the data returned to the client. This action causes error message to appear in the log "(9)Bad file descriptor: core_output_filter: writing data to the network"
Best Answer