Ignore SecStatusEngine directive in v2

owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

https://www.modsecurity.org

Apache License 2.0

7.7k stars 1.54k forks source link

Ignore SecStatusEngine directive in v2 #3137

Closed airween closed 2 weeks ago

airween commented 3 weeks ago

Describe the bug

Although we changed SecStatusEngine default value to Off (see #3092), the directive is already does what we expect - see the documentation.

Expected behavior

As we discussed on Slack channel, it would be fine to remove this feature in background like in libmodsecurity3.

The parser should allow the directive but just simple ignore it.

Server (please complete the following information):

ModSecurity version: v2
WebServer: Apache

airween commented 2 weeks ago

Duplicated issue - see #3122.

Closing this one.