SUGGESTION: Please consider adding a custom modsecurity rule as an option for your customers to block IP address for x minutes if/when modsecurity is triggered.
If I block an ip address now, it must be done manually every single time. Next time the hacker tries, he will use a different ip. Eventually I will have MANY ip addresses blocked (some which could be used legitimately some day in the future). ALSO, I usually don’t even discover his hack attempt until after he’s done if/when I check the server log files… So to just block the ip address he used last time is pointless - he’ll be on a different ip address next time.
BACKGROUND FOR WHY I WOULD LIKE THIS FEATURE:
I have a hacker constantly making hack attempts on one of our sites. I have done my best to defend the sites, but they are endlessly looking for loopholes or weaknesses, and I think a feature like this would slow their progress significantly as to discourage them from continuing the hack attempts.