On 12/18/2020 07:51 PM, Jigme Datse wrote:
> On Fri, 18 Dec 2020 18:20:44 -0700
> the...@sys-concept.com wrote:
>
>> ModSecurity is installed:
>> APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D
>> LANGUAGE -D PHP -D SECURITY"
>>
>> In which file I have to enable "SecStatusEngine On" ?
>>
>>
>
> Not worked with Apache for a bit, but I think this is needed in your
> Apache configuration. Though I'm not sure if it's per virtual server
> or if it's a global option.
>
> If this isn't helpful, I'm just sitting here waiting for stuff to
> happen, and saw your message, and just thought I'd look to see if I can
> maybe help.
>
Looking at FAQ in:
https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-Frequently-Asked-Questions-(FAQ)
Should I initially set the SecRuleEngine to On?
No. Every Ruleset can have false positive in new environments and any
new installation should initially use the log only Ruleset version or if
no such version is available, set ModSecurity to Detection only using
the SecRuleEngine DetectionOnly command. After running ModSecurity in a
detection only mode for a while review the evens generated and decide if
any modification to the rule set should be made before moving to
protection mode.
