I'm in the process of setting up mod_security for the first time, and am trying to whitelist some internal IP addresses using the MODSEC_ENABLE=Off environmental variable. I'm currently running in detection-only mode, but the modsec audit log is still
recording hits, with the expected errors, where the modsec_enable value is "off"
Is this the expected behavior, will it continue to monitor these packets and just not block them, or have I not implemented the environment var properly? I can verify that the value is getting the OFF value where appropriate (i set it to a header, and
see if in the audit logs), and that is happening the first thing in the big <ifmodule mod_security2> block
Harvard Business Publishing
300 North Beacon St. | Watertown, MA 02472
(617) 783-7461 | Fax: (617) 783-7467