ModSecurity - Is there a way to configure DetectionOnly per Rule

Using Mod-Security I would like to have my production system blocking requests (SecRuleEngine On), but for some of the rules (perhaps provided with an update of the RuleSet) I would like to get notified. This should help me to identify False-Postive before bringing the Rule really in production.

In other words, I would like to configure DetectionOnly for a list of Rules, while others are still blocked.

Is there a way to configured that with ModSecurity?

Solution

You can update a specific rule, like this:

SecRuleUpdateActionById 12345 "pass,log"

Alternatively you can write your own rules to turn off the rule engine for certain scenario. See this questions for example: Set mod_security to detectionOnly for a specific page?

How do I skip certains rules for parameter in a path in ModSecurity?
Can't upload file via php in Jailed Shell account
Modsecurity & Apache: How to limit access rate by header?
ModSecurity WAF log configuration
Update_user_meta() containing an Url triggers Modsecurity Rule
Facebook links to my site resolve as 403 forbidden
How can I increase the SecRequestBodyLimit for a single route?
SecRule REQUEST_HEADERS:Content-Type to parse XML & JSON for Ingress k8s
mTLS with Apache proxy and many user certs?
ModSecurity: Disruptive actions can only be specified by chain starter rules
Cannot access XML element within a namespace using ModSecurity
Customizing apache mod security to accept content-type=text/plain
Chained rule not working in ModSecurity/Coraza
Rate limit on a per-IP basis using ModSecurity
Mixing logical OR and AND in ModSecurity/Coraza
ModSecurity rule to find JSON value in request body
web application firewall development
Mod_security rule exception for url/arg
Mod Security Blocks Text Formatted by Tiny MCE Editor
How do I use ModSecurity's transformation function to encode the request_body
ModSecurity Block Multiple URLs with One Rule?
ModSecurity: Access denied with code 403 (phase 2). Pattern match ... Only on ONE user has issues
Correct syntax for modsecurity rules for Wordpress / Elementor false positives
Ubuntu 'Failed to restart apache2.service: Unit apache2.service not found.'
Using Modsecurity and Apache HTTP, how can I whitelist some specific fields in formdata?
Apache error 500 on large file uploads (mod_security)
OWAS core rules break phpMyAdmin, ModSecurity ignores exception rule
ModSecurity Issue while logging MySQL errors
ModSecurity breaking the Wordpress Theme editor, cannot write proper exclusion rules
How to block based on request content to a specific file?