On Wed, Jan 30, 2013 at 11:29 AM, Eric MY Wong <ericmywong@gmail.com> wrote:
I made use of security scanning tools for auditing, why the scanning with SecRuleEngine "DetectionOnly" took more time than  "On" option?

Hi Eric,

Depending on your configuration, having SecRuleEngine enabled (On) will stop a request on the first rule it matches while having SecRuleEngine in DetectionOnly mode will allow the request to traverse to all of your configured rules, which will take longer.
 - Josh

Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
mod-security-users mailing list
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: