I am using ModSecurity 2.7 on a Centos machine. I just gave yum install mod_security, set SecRuleEngine On and restarted httpd. Even if ModSecurity is working (looking at ModSecurity and httpd error logs) it does not block any attack (a tried a xss and a path traversal). Any help?
Regards
You do not give us much information. What does your config look like? Which ruleset do you use? What kind of attack did you try? What did the logfile say?
Just a guess: Are you using the OWASP Core Ruleset? Do you need to link the rules you want to use to the activated_rules folder?
Best, Ronald