How to make modsecurity to punish users by adding a delay when some sql injection are detected Actually we have a webfirewall (modsecurity) blocking common sql injections on our server. I want to know if there is a way to punish users when they try sql injections on the server, by making webfirewall to wait 2 seconds before the answer, there is some way for doing this.

You could use fail2ban for that! Fail2ban is a program that scans logfiles for certain events and then adds firewall rules according to those events.

<