I need to block simultaneous requests to multiple sites using ModSecurity
For example sometimes an IP address try to access multiple sites URLs in same time, which most of them are hacker or robots:
121.122.123.124 site1.com GET /index.php?route=old/wp-includes
121.122.123.124 site2.com GET /finance/paymentreceipt
121.122.123.124 site3.com GET /help/sign-in
121.122.123.124 site4.com GET /flashs/agreement_docs2
121.122.123.124 site2.com GET /administrator/includes
121.122.123.124 site3.com GET /orderOnline/uploads/
121.122.123.124 site5.com GET /media/cibadministrator
Appreciate for any help
The DoS protection part of the OWASP ModSecurity Core Rule Set may help you.
Could you check if this answer could be helpful for you:
Do OWASP CRS modsecurity rules prevent DOS as in these 2 scenarios?
The counter is set per IP address. More information can also be found in the DoS protection rule file of CRS.