I'm trying to get mod_security2 to work for the first time :) The main config is almost like the default one.
Also I've included some of the base rules (for example modsecurity_crs_41_sql_injection_attacks.conf). And all of them are working well - I see it from the logs.
The action specified by default in all the rules is "pass". But I want it to block the content when any of the rules matches. I suppose the SecDefaultAction must help me to specify "deny" as the action for all the rules. But when I place "SecDefaultAction log,auditlog,deny,status:403,phase:2" at the top of modsecurity_crs_41_sql_injection_attacks.conf, nothing actually happens. It doesn't work even if I place the SecDefaultAction line in mod_security.conf.
Please tell me, what should I do to deny the content if one of the base rules matches? I really don't want to correct the action myself in every single rule :)
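
How ModSecurity 2.x combines SecDefaultAction with a rule's own action list, shown as an added example that is not part of the original post and is not taken from the base rules: the rule ids 900001 and 900002 and the match patterns are constructed for illustration.

```apache
# Blocking only happens with the engine fully on;
# "DetectionOnly" logs matches but never intercepts.
SecRuleEngine On

# Defaults inherited by the phase:2 rules that follow in this configuration context.
SecDefaultAction "phase:2,log,auditlog,deny,status:403"

# Constructed rule: an explicit disruptive action ("pass") in the rule
# takes precedence over the default "deny", so a match is logged but allowed.
SecRule ARGS "@contains select" \
    "phase:2,id:900001,pass,msg:'explicit pass overrides the default'"

# Constructed rule: "block" is a placeholder that resolves to the
# disruptive action of SecDefaultAction, here deny with status 403.
SecRule ARGS "@contains union" \
    "phase:2,id:900002,block,msg:'block inherits deny from the default'"

# Change the actions of an already loaded rule without editing its file.
# This line must come after the rule it refers to has been loaded.
SecRuleUpdateActionById 900001 "deny,status:403"
```

With this configuration, a request parameter containing "union" is refused with 403 through the inherited default, while rule 900001 only blocks because of the SecRuleUpdateActionById line.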