Set SecStatusEngine Off in modsecurity.conf-recommended

2025-09-30 03:34:29 +03:00 · 2022-04-19 10:07:36 -07:00
parent 1dd1c6defd
commit 733427197e
2 changed files with 5 additions and 1 deletions
--- a/2
+++ b/2
@@ -1,6 +1,8 @@
 DD mmm YYYY - 2.9.x (to be released)
 -------------------

+ * Set SecStatusEngine Off in modsecurity.conf-recommended
+   [Issue #2717 - @un99known99, @martinhsv]
 * Fix memory leak that occurs on JSON parsing error
   [Issue #2236 @argenet, @vloup, @martinhsv]
 * Multipart names/filenames may include single quote if double-quote enclosed
--- a/modsecurity.conf-recommended
+++ b/modsecurity.conf-recommended
@@ -234,5 +234,7 @@ SecUnicodeMapFile unicode.mapping 20127
 # The following information will be shared: ModSecurity version,
 # Web Server version, APR version, PCRE version, Lua version, Libxml2
 # version, Anonymous unique id for host.
-SecStatusEngine On
+# NB: As of April 2022, there is no longer any advantage to turning this
+# setting On, as there is no active receiver for the information.
+SecStatusEngine Off