I have installed modsecurity (2.8).
So I made my first rule to block a referrer spam with the following:
SecRule REQUEST_HEADERS:Referer "buttons\-for\-website\.com" "phase:1,deny,status:403,id:666521134"
Then when I fake my referrer in Firefox to test, my site loads fine but as soon as I refresh the page or go to another page then only my ip gets blocked. I set it to phase:1 but for some reason it still allows to process the request and serve the webpage before blocking it after it loads. Is there a way to block the request immediately before serving the page? Since this referrer plugs up my analytics with bounces.
I thought that Phase:1 was suppose to block it at header receive.
