recipe
Recipe
There's a small collection of SecRule/directive samples in Recipe→…. Nothing novel, but just common rule exception schemes, and a few mod_security and apache defaults to consider.
Note that most recipes take the currently selected rule id into account. But some work best with a relevant log entry selected (for the request_path and detected rule/data).
| Menu entry | What does it do | Source |
|---|---|---|
| ❮Wrap❯ Exclusions | SecRuleRemoveById | - |
| → Locaton | - wrapped in ❮Location❯ | rule+log |
| → Directory | - wrapped in ❮Directory❯ | rule+log |
| → FilesMatch | - wrapped in ❮FilesMatch❯ | rule |
| Exclude Param | SecRuleUpdateTargetByID | rule |
| Rule DetectOnly | SecRuleUpdateActionById | rule |
| URL DetectOnly | SecRule ctl: | log |
| Whitelist | - | - |
| → RREMOTE_ADDR | SecRule with $remote_addr | log |
| → IP File | SecRule from $confn.whitelist | confn |
| Macros | mod_macro definitions | - |
| Setup | - | - |
| → CRS *.preconf | IncludeOptional .../*.preconf | vhosts |
| → CldFl IP2L | SetEnvIf + SecRule setvar: | - |
| → CldFl RemoteIP | RemoteIPTrustedProxy + SecRule TX.IS_CLOUDFLARE | - |
| → LogFormat | LogFormats | - |
| → preconf_stub | (autocreated) ❮Directory❯ wrapper for *.preconf files | vhosts |
Now the mini-editor window isn't very legible without syntax highlighting. But presumably this isn't an overly fascinating feature anyway. Hence there's also no recipe/*.txt directory for adding new ones yet.
Some of these rule exclusion snippets require the preconf scheme to be configured, btw.