0


I am currently trying to create a list of whitelists in modsecurity for my application.

To reduce false positives I thought about something like this: if a user causes more than 10 error messages (mod security messages), they will then be blocked.

Is something like this possible?

hukachaka
  • 63
  • 1
  • 6

1 Answer

0

Almost. You haven't specified what kind of error messages, for example, nor if you want 10 in a single request or 10 in a given time period.

There are thresholds you can set in the CRS setup for mod_security that will trigger rejections based on a total score; raising/lowering that threshold will set the level to reject a single request.

If you're looking at 403s or rejections over a time period, you probably want to google "fail2ban mod_security" for ways to set f2b up to read the mod_security log files and put the offending IP in "jail" after enough misbehavior.

Arlen
  • 287
  • 4
  • 7
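
The time-window case from the answer (more than 10 ModSecurity denials from one client within a period, the count a fail2ban jail keeps with `maxretry` and `findtime`), sketched as an added example that is not part of the original answer. It assumes the Apache 2.4 error-log layout and IPv4 clients; the function names, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FMT = "%a %b %d %H:%M:%S.%f %Y"  # Apache 2.4 error-log timestamp (assumed layout)

# Match only lines where ModSecurity actually denied the request; plain
# "ModSecurity: Warning" lines are not counted.
DENY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] .*?\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] "
    r".*?ModSecurity: Access denied"
)

def offenders(lines, max_hits=10, window=timedelta(minutes=10)):
    """Return {ip: timestamp of the denial that pushed it past max_hits in window}."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    banned = {}
    for line in lines:
        m = DENY_RE.search(line)
        if not m or m["ip"] in banned:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # drop denials older than the window
            hits.popleft()
        if len(hits) > max_hits:       # "more than 10", as in the question
            banned[m["ip"]] = ts
    return banned

def sample_log():
    """Constructed log: one noisy client, one slow client, one warning-only client."""
    base = datetime(2024, 3, 6, 10, 0, 0)
    def line(ip, t, msg="ModSecurity: Access denied with code 403 (phase 2)."):
        return f"[{t.strftime(TS_FMT)}] [:error] [pid 1234] [client {ip}:40000] {msg}"
    log = [line("203.0.113.5", base + timedelta(seconds=30 * i)) for i in range(11)]
    log += [line("198.51.100.7", base + timedelta(minutes=5 * i)) for i in range(11)]
    log.append(line("192.0.2.9", base, "ModSecurity: Warning. Pattern match."))
    return log

if __name__ == "__main__":
    for ip, when in offenders(sample_log()).items():
        print(f"block {ip} (threshold crossed at {when})")
```

The slow client also produces 11 denials, but never more than three inside any 10-minute window, so only the burst is flagged.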