HIDS 31102 and default value for WAF_READSTATELIMIT
Posted: Fri Oct 11, 2013 5:57 am
We noticed that the default value for WAF_READSTATELIMIT was changed from 10 to 100 in ASL 4. See the wiki page at https://www.atomicorp.com/wiki/index.ph ... STATELIMIT. Of course we are still running the latest ASL 3, which means that by default the WAF_READSTATELIMIT setting is set to 10.
We are encountering many incidents where we believe legit users are hitting this limit and are shunned because of HIDS rule 31102, which monitors for this mod_security event.
What is the reason for changing the default limit from 10 to 100 in ASL 4? Is ASL 4 doing something special, or is the limit in ASL 3 just too low? Do you recommend raising the default in ASL 3 too?