Set ModSecurity to drop all requests from an IP


We’re dealing with an issue where requests that come through CloudFlare can bypass our firewall since they get forwarded through the CloudFlare proxy. I’ve opened a thread at LSWS suggesting that the IPs from the CSF deny list should also be applied to the LSWS deny list: Apply IP deny list from CSF due to CloudFlare | LiteSpeed Support Forums

The LSWS staff has suggested that we should set ModSecurity to “drop” these requests, instead of denying them with a 403 Forbidden error.

Is it possible to configure Comodo WAF to “drop” requests from IPs that have triggered a specific rule or a specific amount of rules?

Thank you in advance.



you can changes some files:

  1. /path_to_cwaf/cwaf/rules/00_Init_Initialization.conf
    In this file in strings 16 and 19 change “deny” with “drop”.

  2. /path_to_cwaf/cwaf/rules/03_Global_Domains.conf
    In this file do the same in string 14.

  3. restart (reload) your web-server.

But it will drop all vulnerable requests.

We’ll try to realize this function for particular issues.