I have plenty of bots accessing the site trying to find holes and stuff like that, so my idea was to block all non .se visitors (i dont mind google getting blocked either), that part works like a charm, but the response is 200, but i would like to give them 404 instead, any ideas?
I have this in my apache.conf
<IfModule mod_security2.c>
SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog /var/log/apache2/audit_log
SecDebugLog /var/log/apache2/modsec_debug_log
SecDebugLogLevel 0
SecRequestBodyAccess On
SecResponseBodyAccess Off
SecDefaultAction "phase:2,deny,log,status:500"
SecGeoLookupDb /usr/local/share/GeoIP/GeoIP.dat
SecRule REMOTE_ADDR "@geoLookup" "chain,drop,msg:'Non-SE IP address'"
SecRule GEO:COUNTRY_CODE "!@streq SE" "t:none"
</IfModule>