mod-security: warning, not blocking

Question

I've installed mod-security and can see from the logs that it is warning me in the case of an SQLi attempt. The attempt succeeds however, when I expect it to be prevented. Clearly I'm missing some very obvious setting, but I can't find it!

Any help appreciated.

score 2 · Accepted Answer · answered Nov 18 '14 at 06:23

2

Did you set

SecRuleEngine On

in "modsecurity.conf"? The default is

SecRuleEngine DetectionOnly

Also see https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRuleEngine

answered Nov 18 '14 at 06:23

Ronald

2,864
3
25
36

A simple misconfiguration! :) – confusified Nov 18 '14 at 11:13

mod-security: warning, not blocking

1 Answers1