In the Web Application Firewall
### Package: OWASP ModSecurity Core Rule Set
OWASP Core Ruleset (2013) provides protection against common attack categories, including SQL Injection and Cross-Site Scripting. There are two primary settings, Sensitivity and Action.
In the below article it describes what Low, Medium and High mean for Sensitivity but I can’t find what “OFF” means. Does it mean the sensitivity if off, so any score will trigger a challenge (or applied action) or does it mean the OWASP core ruleset is off, or something else?