I want to configure ModSecurity to limit the access to certain resources to a certain count each day.
E.g: User "A" is allowed to download any file in a specific directory, but the total downloads must not exceed 5.
I keep track of the user accesses using the user collection:
# initialize collection for the user
SecAction "phase:2,id:1,initcol:user=%{REQUEST_HEADERS:User},nolog"
# check if the the limit is reached and respond with status 403
SecRule USER:REQUESTS "@gt 5" "phase:2,id:3,deny,status:403"
# increment the request count variable upon success
SecAction phase:4,id:4,setvar:user.requests=+1
Now I want to clear the requests field in the user collection every day, so that the user has the full download slots for the next day.
I know of the expirevar action, but that only allows to specify the number of seconds until the variable shall be cleared, but not the exact time that shall happen.
Is there a possibility to expire the variable that way?
Another option would be a cron-job that runs every day at the same time and clears the stored variables for all users. Unfortunately there is no documentation of where the values are stored and how I can modify them.
Is there a way I can access the stored collection for the users to allow the clearing of the variables?
