Recipe

There's a small collection of SecRule/directive samples in Recipe→…. Nothing novel, but just common rule exception schemes, and a few mod_security and apache defaults to consider.

Note that most recipes take the currently selected rule id into account. But some work best with a relevant log entry selected (for the request_path and detected rule/data).

Menu entry

What does it do

Source

+-----------------+---------------------------------------------------+--------------+ |<Wrap> Exclusions| SecRuleRemoveById | - | | → Locaton | - wrapped in <Location> | rule+log | | → Directory | - wrapped in <Directory> | rule+log | | → FilesMatch | - wrapped in <FilesMatch> | rule | | Exclude Param | SecRuleUpdateTargetByID | rule | | Rule DetectOnly| SecRuleUpdateActionById | rule | | URL DetectOnly | SecRule ctl: | log | | Whitelist | - | - | | → RREMOTE_ADDR | SecRule with $remote_addr | log | | → IP File | SecRule from $confn.whitelist | confn | | Macros | mod_macro definitions | - | | Setup | - | - | | → CRS .preconf | IncludeOptional .../.preconf | vhosts | | → CldFl IP2L | SetEnvIf + SecRule setvar: | - | | → CldFl RemoteIP| RemoteIPTrustedProxy + SecRule TX.IS_CLOUDFLARE | - | | → LogFormat | LogFormats | - | | → preconf_stub | (autocreated) <Directory> wrapper for *.preconf files | vhosts |

Now the mini-editor window isn't very legible without syntax highlighting. But presumably this isn't an overly fascinating feature anyway. Hence there's also no recipe/*.txt directory for adding new ones yet.

Some of these rule exclusion snippets require the preconf scheme to be configured, btw.