with the rule filter in detection mode, this rule will actually turn the filtering on and in denial mode

<Location />
SecRuleEngine Off
SecAuditEngine Off
SecRequestBodyAccess Off
SecResponseBodyAccess Off

I guess its not working like it should ? this is in a virtualhost config. I also noticed the default action in config.conf is phase:1 is that a problem ?