ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
Describe the bug
v2 states that
and has the setting turned off for in https://github.com/owasp-modsecurity/ModSecurity/blob/705002be2ba23b01bd9c895a8d01ebd9fd141ceb/modsecurity.conf-recommended#L239
But v3 has it enabled in https://github.com/owasp-modsecurity/ModSecurity/blob/4e4f3291ad2f65df7b945d3fdc4ef67d6fcc631d/modsecurity.conf-recommended#L284.
Expected behavior
Both should be in sync, and turned off.