ModSecurity: Access denied with code 400. Too many threads [256] of 100 allowed in READ state from x.x.x.x - Possible DoS Consumption Attack [Rejected]

Modsecurity has a mechanism that throttles down IPs with excessive connection rates. Varnish, with its high performance and effective threading system, tends to exhibit such behavior. So modsec (if installed and enabled in Apache) can block Varnish. You can confirm this issue by disabling modsec in Apache. An alternative is to increase variable WAF_READSTATELIMIT from its low value to a higher number.
  • 23 Users Found This Useful
Was this answer helpful?

Related Articles

Stop worpress wp-login.php brute force attacks with Varnish throttling (Rate Limit)

Version 1.8.4 of the cPanel Varnish Plugin has seen a new feature being introduced: the ability...

Varnish Plugin on Amazon AWS with Elastic IP or NAT

Here are the two short steps required to ensure licensing is setup properly so you're able to use...

Correct IP reporting in legacy software / scripts

The plugin follows reverse proxy software proper handling of X-Forwarded-For headers and in this...

vBulletin correct reporting of IP address

It's recommended to make the following changes to includes/config.php so vB doesn't report...

Why does the plugin change the server header?

Normally, if you download and install Varnish (the source not the plugin) yourself, the headers...