ServerName haxtables.htb ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ServerName api.haxtables.htb ServerAdmin webmaster@localhost DocumentRoot /var/www/api ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ServerName image.haxtables.htb ServerAdmin webmaster@localhost DocumentRoot /var/www/image ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined #SecRuleEngine On SecAction initcol:ip=%{REMOTE_ADDR},pass,nolog,id:'200001' SecAction "phase:5,deprecatevar:ip.somepathcounter=1/1,pass,nolog,id:'200002'" SecRule IP:SOMEPATHCOUNTER "@gt 5" "phase:2,pause:300,deny,status:509,setenv:RATELIMITED,skip:1,nolog,id:'200003'" SecAction "phase:2,pass,setvar:ip.somepathcounter=+1,nolog,id:'200004'" Header always set Retry-After "10" env=RATELIMITED ErrorDocument 429 "Rate Limit Exceeded" Deny from all Allow from 127.0.0.1 Options Indexes FollowSymLinks AllowOverride All Require all granted # vim: syntax=apache ts=4 sw=4 sts=4 sr noet Process finished with exit code 0