[Owasp-modsecurity-core-rule-set] A Recommended Base Configuration - SecRuleEngine

Ryan Barnett RBarnett at trustwave.com
Fri Apr 1 11:36:16 EDT 2011

Reference Manual:

Current setting:

# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
SecRuleEngine DetectionOnly

When first adding in ModSecurity, you want to minimize any disruptions to traffic until you get a handle on how your configs/rules will respond to your traffic.  This setting allows SecRules to trigger events but not take any disruptive actions.

More information about the Owasp-modsecurity-core-rule-set mailing list