[Owasp-modsecurity-core-rule-set] SecRuleEngine mode

Joshua Roback jroback at gmail.com
Fri Jul 17 14:26:16 UTC 2015


So you're claiming that while your conf file clearly states that
SecRuleEngine is "On", your audit.log indicates you're in "DETECTION_ONLY"
mode?

On Tue, Jul 14, 2015 at 7:22 PM Bill Miller <wbmilleriii at comcast.net> wrote:

> Hello,
> My modsecurity.conf starts like this
>
> # Enable ModSecurity, attaching it to every transaction. Use detection
> # only to start with, because that minimises the chances of post-installation
> # disruption.
> #
> SecRuleEngine On
>
>
> But all messages in modsec_audit.log contain this string:
>
> Engine-Mode: "DETECTION_ONLY"
>
> I have grep'd for other instances of SecRuleEngine being set, but have
> not found any.
>
> What am I doing wrong?
>
> Thanks for your help.
> Bill

