we recognize some strange behaviour when it comes to SQLi. We have set PreventSQLi to detect (for obvious reasons like you mentioned in the man page) and according to the manual it should only log and not react. But for some reasons, e.g. uploading a picture causes a log entry AND a ban. Moreover the ban is not logged anywhere. The SQLi is logged as expected into exploit.log. Setting PreventSQLi to no, solves this, but this should not be the expected behaviour?!
If this is a misunderstanding of the manual, please ignore this