diff --git a/default_action.conf b/default_action.conf
new file mode 100644
index 0000000..1edb90c
--- /dev/null
+++ b/default_action.conf
@@ -0,0 +1 @@
+SecDefaultAction "log,deny,auditlog,phase:2,status:403"
diff --git a/modsecurity-init.conf b/modsecurity-init.conf
index 8246a4e..d5717a7 100644
--- a/modsecurity-init.conf
+++ b/modsecurity-init.conf
@@ -1,4 +1,4 @@
-SecDefaultAction "log,deny,auditlog,phase:2,status:403"
+modsecurity_rules_file modsecurity.d/default_action.conf;
 modsecurity on;
 modsecurity_rules_file modsecurity.d/nginx-waf/conf/tortix_waf.conf;
 modsecurity_rules_file modsecurity.d/nginx-waf/00_asl_whitelist.conf;