I am using the atomicorp free modsec rules on some of my servers and today I noticed it is no longer blocking attacks. All the settings are fine and rules are also triggering in the error log but the injection is passed to apache.
e.g. previously entering 1=1 in any field we will receive a 403 error but now it does not stop this.
Can it be because they have retired the free rules?