Clarification of “external file” comment

[drmuey]

In #73 you made this comment:

as of now the rules needs to be specified in a external file (as it is on nginx)

Are you saying that only modsecurity_rules_file works and so modsecurity_rules 'SecRuleEngine Off' is not valid for apache and/or nginx connectors?

Thanks for the clarification 👍

[zimmerle]

As stated on the documentation both modsecurity_rules_file and modsecurity_rules should work. What is not yet supported is the usage of SecRuleEngine Off' as an Apache configuration as used to be on 2.x.

[drmuey]

As stated on the documentation both modsecurity_rules_file and modsecurity_rules should work.

Thanks that is what I thought but the comment made it sound like only modsecurity_rules_file, thank you for clarifying!

What is not yet supported is the usage of SecRuleEngine Off' as an Apache configuration as used to be on 2.x.

Thanks, that prompted more questions when you get a minute:

1. Are you saying modsecurity_rules 'SecRuleEngine Off' is not supported by the Apache connector or just reiterating that SecRuleEngine Off by itself like in 2.x won’t work?
2. By “not yet” do you mean that eventually SecRuleEngine Off by itself like in 2.x will work for the Apache connector?
   1. If so, will modsecurity, modsecurity_rules, modsecurity_rules_file, et al continue to work?

Sorry for the questions, just trying to plan for the future, especially when some of the stuff that needs to know this is not part of an RPM that can be updated and sent out but rather code that gets updated and released every 3 months and we have to factor in things like long term support versions that need to function.

Really appreciate it @zimmerle ;)

Update: moved question to #75