So you're claiming that while your conf file clearly states that SecRuleEngine is "On", your audit.log indicates you're in "DETECTION_ONLY" mode?
On Tue, Jul 14, 2015 at 7:22 PM Bill Miller <wbmiller...@comcast.net> wrote:
> Hello,
> My modsecurity.conf starts like this
>
> # Enable ModSecurity, attaching it to every transaction. Use detection
> # only to start with, because that minimises the chances of post-installation
> # disruption.
> #
> SecRuleEngine On
>
> But all messages in modsec_audit.log contain this string:
>
> Engine-Mode: "DETECTION_ONLY"
>
> I have grep'd for other instances of SecRuleEngine being set, but have
> not found any.
>
> What am I doing wrong?
>
> Thanks for your help.
> Bill
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set