I'm in the process of setting up mod_security for the first time, and am trying to whitelist some internal IP addresses using the MODSEC_ENABLE=Off environment variable. I'm currently running in detection-only mode, but the modsec audit log is still recording hits, with the expected errors, where the modsec_enable value is "off".

Is this the expected behavior? Will it continue to monitor these packets and just not block them, or have I not implemented the environment var properly? I can verify that the value is getting the OFF value where appropriate (I set it to a header, and see it in the audit logs), and that is happening as the first thing in the big <ifmodule mod_security2> block.

Aaron Macks
Systems Architect

Harvard Business Publishing
300 North Beacon St.    |   Watertown, MA 02472
(617) 783-7461                |   Fax: (617) 783-7467
www.harvardbusiness.org |   Cell:(978) 317-3614