Hi!
I'm trying to get mod_security2 to work for the first time :) The main config is almost like the default one. 

/etc/apache2/mod_security.conf
SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog /var/log/apache2/modsec_audit.log
SecDebugLog /var/log/apache2/modsec_debug.log
SecDebugLogLevel 2

Also I've included some of the base rules (for example modsecurity_crs_41_sql_injection_attacks.conf). And all of them are working well - I see it from the logs.
The action specified by default in all the rules is "pass" . But I want it to block the content when any of the rules matches. I suppose the SecDefaultAction must help me to specify "deny" as action for all the rules. But when I place "SecDefaultAction log,auditlog,deny,status:403,phase:2" into the top of modsecurity_crs_41_sql_injection_attacks.conf nothing actually happens. It doesn't work even if I place SecDefaultAction line in mod_security.conf.

Please, tell me, what should I do to deny the content if one of the base rules matches? I really don't want to correct the action myself in every single rule :)

--------
WBR, Sergey