Do you want to use ModSecurity in a transparent mode? Meaning that no actions will be performed? You can use the SecRuleEngine command. The syntax is:
SecRuleEngine On|Off|DetectionOnlyThe possible values are:
ModSecurity Wiki
On: process rules
Off: do not process rules
DetectionOnly: process rules but never executes any disruptive actions (block, deny, drop, allow, proxy and redirect)
For the transparent mode, where only no disruptive actions will be applied, use:
SecRuleEngine DetectionOnlyPut this directive at the top of the ModSecurity configuration file.
If you want to have a log, add:
SecAuditLog <path to the log file>SecAuditLog /tmp/modsec_audit.logDon’t forget to restart your web server.
References:
Modsecurity wiki