Set SecStatusEngine Off in modsecurity.conf-recommended

martinhsv · martinhsv · commit 733427197e2f · 2022-04-19T10:07:36.000-07:00
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,8 @@
 DD mmm YYYY - 2.9.x (to be released)
 -------------------
 
+ * Set SecStatusEngine Off in modsecurity.conf-recommended
+   [Issue #2717 - @un99known99, @martinhsv]
  * Fix memory leak that occurs on JSON parsing error
    [Issue #2236 @argenet, @vloup, @martinhsv]
  * Multipart names/filenames may include single quote if double-quote enclosed
diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended
@@ -234,5 +234,7 @@ SecUnicodeMapFile unicode.mapping 20127
 # The following information will be shared: ModSecurity version,
 # Web Server version, APR version, PCRE version, Lua version, Libxml2
 # version, Anonymous unique id for host.
-SecStatusEngine On
+# NB: As of April 2022, there is no longer any advantage to turning this
+# setting On, as there is no active receiver for the information.
+SecStatusEngine Off
 
