Open
Description
I built Modsecurity and Modsecurity-apache on Debian 10.
When I load the module into Apache it works and logs fine.
I needed to disable the module for a specific virtualhost, so inside a vhost I put the modesecurity off directive. To make a long story short, I tried to put it in every possible place, even directly after the LoadModule line. The module is always alive and kicking.
If I remove the LoadModule directive, apache complains about the modsecurity directives in the various files, as expected.
My apache is
Server version: Apache/2.4.38 (Debian)
Server built: 2021-06-10T10:13:06
Server's Module Magic Number: 20120211:84
Server loaded: APR 1.6.5, APR-UTIL 1.6.1
Compiled using: APR 1.6.5, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
If I try to override rules (modsecurity_rules directive) it seems to just ignore them.
Am I missing something big or is this what the "NOTE: This project is not production ready" line refers to?
Thanks
Metadata
Metadata
Assignees
Labels
No labels