Hi Everyone,

    In 2.8.0, is it possible to override SecRuleEngine DetectionOnly with Deny for specific rules?  I recall being able to do this in 2.6 and 2.7.

    I am hoping to deny bad uploads with my custom @inspectFile rule and just inspect everything else while I ease into production.

SecRule FILES_TMPNAMES "@inspectFile /etc/apache2/modsecurity.d/util/av-scanning/runav.pl" \
"phase:2,t:none,log,deny,msg:'A virus or malicious content was found in uploaded file',id:'950115',tag:'MALICIOUS_SOFTWARE/VIRUS',tag:'PCI/5.1',severity:'2',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-MALICIOUS_SOFTWARE/VIRUS-%{matched_var_name}=%{tx.0}"

Some config info :

OWASP_CRS/2.2.9

SecDefaultAction "phase:2,pass,log"

SecAction \
  "id:'900004', \
  phase:1, \
  t:none, \
  setvar:tx.anomaly_score_blocking=on, \
  nolog, \
  pass"


~Jeremy