I'm running this on my staging server for the first time and I think I did everything correctly. I can see entries in modsec_audit.log when I run nikto2 against it, but for the life of me I can't manually make mod_security block anything. I've dropped SQL into URLs, into forms, etc and I just got our typical user friendly HTML 404 page, not a block from mod_security, which should be a 403 error or an outright block.
I'm worried that its only detecting and not stopping. I've checked my config and its definitely set to stop attacks not just detect them. Any idea on how I can verify this thing is actually blocking attacks? Anyone have a test URL or something I can do that will prove to me that its actually working?
Best Answer
By default the engine will only be detecting mode:
You need to adjust
SecRuleEngine Onand restart Apache.