On 12/18/2020 07:51 PM, Jigme Datse wrote: > On Fri, 18 Dec 2020 18:20:44 -0700 > the...@sys-concept.com wrote: > >> ModSecurity is installed: >> APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D >> LANGUAGE -D PHP -D SECURITY" >> >> In which file I have to enable "SecStatusEngine On" ? >> >> > > Not worked with Apache for a bit, but I think this is needed in your > Apache configuration. Though I'm not sure if it's per virtual server > or if it's a global option. > > If this isn't helpful, I'm just sitting here waiting for stuff to > happen, and saw your message, and just thought I'd look to see if I can > maybe help. >
Looking at FAQ in: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-Frequently-Asked-Questions-(FAQ) Should I initially set the SecRuleEngine to On? No. Every Ruleset can have false positive in new environments and any new installation should initially use the log only Ruleset version or if no such version is available, set ModSecurity to Detection only using the SecRuleEngine DetectionOnly command. After running ModSecurity in a detection only mode for a while review the evens generated and decide if any modification to the rule set should be made before moving to protection mode.