countryroadgraphics/modsec2.user.conf

## modsec2.user.conf
SecAction phase:1,nolog,pass,initcol:IP=%{REMOTE_ADDR},id:690010
<LocationMatch "/xmlrpc(\.php)?$">
SecAction phase:2,nolog,pass,deprecatevar:ip.count_a=1/20,id:690010
SecRule IP:COUNT_A "@gt 5" "phase:2,deny,status:403,log,msg:'WAF Rules : XMLRPC - Ratelimited to one call in 20 seconds',id:690012"
SecRule RESPONSE_BODY "fault(Code|String)" "phase:4,pass,nolog,setvar:ip.count_a=+1,id:690013"
</LocationMatch>
	SecAction phase:1,nolog,pass,initcol:IP=%{REMOTE_ADDR},id:690010
	<LocationMatch "/xmlrpc(\.php)?$">
	SecAction phase:2,nolog,pass,deprecatevar:ip.count_a=1/20,id:690010
	SecRule IP:COUNT_A "@gt 5" "phase:2,deny,status:403,log,msg:'WAF Rules : XMLRPC - Ratelimited to one call in 20 seconds',id:690012"
	SecRule RESPONSE_BODY "fault(Code\|String)" "phase:4,pass,nolog,setvar:ip.count_a=+1,id:690013"
	</LocationMatch>