From a6d93441c1afe1263e7e353a922fd32e278e150b Mon Sep 17 00:00:00 2001 From: Felipe Zimmerle Date: Tue, 21 Jan 2014 12:23:19 -0800 Subject: [PATCH] Places StatusEngine to be Off by default StatusEngine is now marked as Off by default. This patch also adds the SecStatusEngine directive to our recommend configuration file. --- apache2/mod_security2.c | 2 +- modsecurity.conf-recommended | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c index c3eeacca..98315634 100644 --- a/apache2/mod_security2.c +++ b/apache2/mod_security2.c @@ -61,7 +61,7 @@ unsigned long int DSOLOCAL msc_pcre_match_limit = 0; unsigned long int DSOLOCAL msc_pcre_match_limit_recursion = 0; -int DSOLOCAL status_engine_state = STATUS_ENGINE_ENABLED; +int DSOLOCAL status_engine_state = STATUS_ENGINE_DISABLED; unsigned long int DSOLOCAL conn_read_state_limit = 0; diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended index 945b6329..d3774b54 100644 --- a/modsecurity.conf-recommended +++ b/modsecurity.conf-recommended @@ -211,3 +211,10 @@ SecCookieFormat 0 # SecUnicodeMapFile unicode.mapping 20127 +# Improve the quality of ModSecurity by sharing information about your +# current ModSecurity version and dependencies versions. +# The following information will be shared: ModSecurity version, +# Web Server version, APR version, PCRE version, Lua version, Libxml2 +# version, Anonymous unique id for host. +SecStatusEngine On +