owasp-modsecurity / ModSecurity-apache

ModSecurity v3 Apache Connector
Apache License 2.0

Clarification of “What is not yet supported” comment #75

Closed drmuey closed 3 years ago

drmuey commented 3 years ago

In #74 you made this comment:

What is not yet supported is the usage of SecRuleEngine Off as an Apache configuration as used to be on 2.x.

Thanks, that prompted more questions when you get a minute:

  1. Are you saying modsecurity_rules 'SecRuleEngine Off' is not supported by the Apache connector or just reiterating that SecRuleEngine Off by itself like in 2.x won’t work?
  2. By “not yet” do you mean that eventually SecRuleEngine Off by itself like in 2.x will work for the Apache connector?
    1. If so, will modsecurity, modsecurity_rules, modsecurity_rules_file, et al continue to work?

Sorry for the questions, just trying to plan for the future, especially when some of the stuff that needs to know this is not part of an RPM that can be updated and sent out but rather code that gets updated and released every 3 months and we have to factor in things like long term support versions that need to function.

Really appreciate it @zimmerle ;)

zimmerle commented 3 years ago

The matter here is the configuration style. In v2, ModSecurity was an Apache module loading the rules as configurations; v3 is a library with its own parser. In order to trigger the parser on v3, it is necessary to add modsecurity_rules and/or modsecurity_rules_file.

modsecurity off - an Apache/module configuration that disables the mod_security3 module.

modsecurity_rules 'SecRuleEngine Off' - is a ModSecurity internal configuration that disables the rule processing.
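
An added example, not part of the thread and not the project's code: a small Python audit that separates the three cases discussed above in an Apache config, namely a bare v2-style `Sec*` line, `modsecurity off`, and `SecRuleEngine Off` passed through `modsecurity_rules`. The sample config, the finding labels and the `audit` function are constructed for illustration, and treating every bare `Sec*` line as v2-style is a heuristic assumption.

```python
import re

# Constructed sample config (not from the issue): mixes v2-style and
# v3-connector-style lines so each case in the thread appears once.
SAMPLE_CONF = """\
<VirtualHost *:80>
    # v2 style: bare directive placed directly in the Apache config
    SecRuleEngine Off
    modsecurity on
    modsecurity_rules 'SecRuleEngine Off'
    modsecurity_rules_file /etc/modsecurity/main.conf
</VirtualHost>
<Directory /var/www/static>
    modsecurity off
</Directory>
"""

# Connector directives named in the thread.
CONNECTOR = re.compile(r"^(modsecurity(?:_rules(?:_file)?)?)\s+(.*)$", re.I)
# Heuristic (assumption): any line starting with Sec... is a v2-style directive.
BARE_V2 = re.compile(r"^Sec[A-Za-z]+\b", re.I)
ENGINE_OFF = re.compile(r"\bSecRuleEngine\s+Off\b", re.I)


def audit(conf_text):
    """Return (line_number, label) for lines that disable or bypass the WAF.

    Limitation: only single-line modsecurity_rules arguments are inspected.
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CONNECTOR.match(line)
        if m:
            name, arg = m.group(1).lower(), m.group(2).strip()
            if name == "modsecurity" and arg.lower() == "off":
                findings.append((lineno, "module-disabled"))
            elif name == "modsecurity_rules" and ENGINE_OFF.search(arg):
                findings.append((lineno, "rule-engine-off"))
            continue
        if BARE_V2.match(line):
            # Not handed to the v3 parser: needs modsecurity_rules(_file).
            findings.append((lineno, "v2-style-unsupported"))
    return findings


if __name__ == "__main__":
    for lineno, label in audit(SAMPLE_CONF):
        print(f"line {lineno}: {label}")
```
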