Fix disruptive action flow while RuleEngine is in DetectionOnly

test/test-cases/regression/secruleengine.json

@@ -0,0 +1,50 @@
+[
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Disruptive actions (1/n)",
+    "expected":{
+      "debug_log": " Running action: deny",
+      "http_code":404
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecRuleEngine On",
+      "SecDefaultAction \"phase:2,deny,status:404\"",
+      "SecAction \"id:'900001',phase:request,nolog,status:403,t:none\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Disruptive actions (2/n)",
+    "expected":{
+      "debug_log": "_Not_ running action: deny. Rule _does not_ contains a disruptive action, but SecRuleEngine is not On.",
+      "http_code":200
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecRuleEngine Off",
+      "SecDefaultAction \"phase:2,deny,status:404\"",
+      "SecAction \"'id:'1',phase:request,nolog,t:none\""
+    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing Disruptive actions (3/n)",
+    "expected":{
+      "debug_log": "Not running disruptive action: block. SecRuleEngine is not On",
+      "http_code":200
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecDebugLog \/tmp\/modsec_debug.log",
+      "SecRuleEngine DetectionOnly",
+      "SecDefaultAction \"phase:2,deny,status:404\"",
+      "SecAction \"id:'1',phase:request,nolog,block,t:none\""
+    ]
+  }
+]