GUI editor to tame mod_security rules

⌈⌋ branch:  modseccfg



There's a small collection of SecRule/directive samples in Recipe. Nothing novel, but just common rule exception schemes, and a few mod_security and apache defaults to consider.

Note that most recipes take the currently selected rule id into account. But some work best with a relevant log entry selected (for the request_path and detected rule/data).

Menu entry What does it do Source
❮Wrap❯ Exclusions SecRuleRemoveById -
→ Locaton - wrapped in ❮Location❯ rule+log
→ Directory - wrapped in ❮Directory❯ rule+log
→ FilesMatch - wrapped in ❮FilesMatch❯ rule
Exclude Param SecRuleUpdateTargetByID rule
Rule DetectOnly SecRuleUpdateActionById rule
URL DetectOnly SecRule ctl: log
Whitelist - -
→ RREMOTE_ADDR SecRule with $remote_addr log
→ IP File SecRule from $confn.whitelist confn
Macros mod_macro definitions -
Setup - -
→ CRS *.preconf IncludeOptional .../*.preconf vhosts
→ CldFl IP2L SetEnvIf + SecRule setvar: -
→ CldFl RemoteIP RemoteIPTrustedProxy + SecRule TX.IS_CLOUDFLARE -
→ LogFormat LogFormats -
→ preconf_stub (autocreated) ❮Directory❯ wrapper for *.preconf files vhosts

Now the mini-editor window isn't very legible without syntax highlighting. But presumably this isn't an overly fascinating feature anyway. Hence there's also no recipe/*.txt directory for adding new ones yet.

Some of these rule exclusion snippets require the preconf scheme to be configured, btw.