[Owasp-modsecurity-core-rule-set] SecRuleEngine mode

Bill Miller wbmilleriii at comcast.net
Tue Jul 14 23:14:45 UTC 2015


Hello,
My modsecurity.conf starts like this

# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of 
post-installation
# disruption.
#
SecRuleEngine On


But all messages in modsec_audit.log contain this string:

Engine-Mode: "DETECTION_ONLY"

I have grep'd for other instances of SecRuleEngine being set, but have 
not found any.

What am I doing wrong?

Thanks for your help.
Bill




More information about the Owasp-modsecurity-core-rule-set mailing list