Hi, Make sure that your SecRuleEngine https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecRuleEngine directive is set to "on". If it's "DetectionOnly" or "off" you will only get warnings. I haven't gone through all of your logs, but the way that the OWASP CRS works by default is using the approach of "delayed blocking", meaning that a number of rules can match and only cause warnings, but each rule that match gets added to a score. After all the rules are evaluated the final...