2
votes

I just downloaded the latest version (2.2.9) of the OWASP ModSecurity Core Ruleset.

In the provided "modsecurity_crs_10_setup.conf.example" there are two SecDefaultAction directives right next to each other:

SecDefaultAction "phase:1,deny,log"
SecDefaultAction "phase:2,deny,log"

I thought that as soon as a new SecDefaultAction directive is defined, this one will be used for the following rules. Therefore, I do not understand what the purpose of

SecDefaultAction "phase:1,deny,log"

is when another SecDefaultAction is defined immediately afterwards.

Thanks, Ronald

1 Answers

0
votes

The second action is what happens if you exceed your threshold during phase 2 instead of in phase one.

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#processing-phases