{"id":91,"date":"2013-09-12T21:03:39","date_gmt":"2013-09-12T19:03:39","guid":{"rendered":"http:\/\/ngweb.netnea.com\/cms\/?page_id=91"},"modified":"2013-10-13T12:09:42","modified_gmt":"2013-10-13T10:09:42","slug":"remo-a-rule-editor-for-modsecurity","status":"publish","type":"page","link":"https:\/\/www.netnea.com\/cms\/remo-a-rule-editor-for-modsecurity\/","title":{"rendered":"REMO &#8211; A Rule Editor for ModSecurity"},"content":{"rendered":"<div class=\"clear-block\">\n<div class=\"node\" id=\"node-41\">\n<div class=\"content clear-block\">\n<p>Main | <a title=\"REMO \u2013 Download\" href=\"\/cms\/?page_id=272\">Download<\/a> | <a title=\"REMO \u2013 Documentation\" href=\"\/cms\/?page_id=270\">Documentation<\/a><\/p>\n<h5>Welcome to REMO<\/h5>\n<p>This is a project to build a graphical rule editor for ModSecurity with a positive\/whitelist approach.<\/p>\n<p>There is a beta release 0.2.0, but it&#8217;s better to work with the development sourcetree.<\/p>\n<h5>Basic Concept<\/h5>\n<p>ModSecurity is not a simple toy. It is quite tricky to configure successfully. Many web applications are not very simple either. Bringing them together by writing a tight ModSecurity ruleset is very difficult. Modsecurity.org advertises a tested core ruleset granting you protection from most known attacks. But this is only a blacklist approach: All known dangerous traffic is filtered out.<\/p>\n<p>A network firewall uses a whitelist approach; also called positive security model: Everything is dropped outside of a short and strict rulset. An application firewall should do exactly the same. (See Ivan Ristic&#8217;s thougts on positive security. Ivan Ristic is the man behind ModSecurity.)<\/p>\n<p>But this comes with a catch: Your application does not come with a short and strict ruleset and writing one will be tough. This is the point where remo comes into play. It is meant as a graphical editor for this ruleset, thus helping you to generate a whitelist of valid requests to your application. Ideally you will be able to bundle this ruleset with every release of your online application.<\/p>\n<div style=\"clear: both;\"><\/div>\n<p><a href=\"\/cms\/wp-content\/uploads\/2013\/10\/remo-main-screenshot.png\"><br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignleft\" style=\"margin: 0px 40px 5px 5px; border: 0px;\" title=\"Remo\" alt=\"Remo\" src=\"\/cms\/wp-content\/uploads\/2013\/10\/remo-screenshot-20070221-svn138_smaller.png\" width=\"360\" height=\"260\" border=\"0\" \/><\/a><\/p>\n<h5>Features<\/h5>\n<p>This is the short list of features done so far:<\/p>\n<p>* Ruby on rails application with ajax use<br \/>\n* Enter http requests, display them, edit them, delete them, rearrange them<br \/>\n* Edit the http headers of the requests<br \/>\n* Edit the query string parameters<br \/>\n* Edit the cookie parameters<br \/>\n* Edit the post payload arguments<br \/>\n* Every argument can be optional or mandatory<br \/>\n* The response to every argument failure can be configured specially including http status code and optional redirect location<br \/>\n* Argument names can contain regular expressions themselves<br \/>\n* Default value domains for all arguments. So you do not have to edit a regular expression for every parameter. Just select a predefined value.<br \/>\n* Generate positive ModSecurity2 ruleset<br \/>\n* Import ModSecurity audit-logs<br \/>\n* Check requests in the audit-log against the ruleset in development to find out wether it will work in practice<\/p>\n<div style=\"clear: both;\"><\/div>\n<h5>Future plans<\/h5>\n<p>Remo is currently on hold. That is it works, but I lack the time to continue development. The following is a list of features I have in mind:<\/p>\n<p>* Authentication and session support in Remo<br \/>\n* Cover performance issues<br \/>\n* Proxy-mode for on the fly rule development<br \/>\n* New CSS with better looks<br \/>\n* Bring a decent look to Remo in Internet Explorer<br \/>\n* Better default value domains<br \/>\n* Polish the application<\/p>\n<p>See the download section for the sourcecode and regression tests of the codebase. There is an online demo of the latest code, there are screenshots and even a video.<\/p>\n<p>Your feedback and your feature requests are very welcome! Really.<\/p>\n<p>You can contact me, the developer, via christian.folini at netnea.com.<\/p>\n<div><\/div>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Main | Download | Documentation Welcome to REMO This is a project to build a graphical rule editor for ModSecurity with a positive\/whitelist approach. There is a beta release 0.2.0, but it&#8217;s better to work with the development sourcetree. Basic Concept ModSecurity is not a simple toy. It is quite tricky to configure successfully. Many [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-91","page","type-page","status-publish","czr-hentry"],"_links":{"self":[{"href":"https:\/\/www.netnea.com\/cms\/wp-json\/wp\/v2\/pages\/91","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.netnea.com\/cms\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.netnea.com\/cms\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.netnea.com\/cms\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.netnea.com\/cms\/wp-json\/wp\/v2\/comments?post=91"}],"version-history":[{"count":15,"href":"https:\/\/www.netnea.com\/cms\/wp-json\/wp\/v2\/pages\/91\/revisions"}],"predecessor-version":[{"id":447,"href":"https:\/\/www.netnea.com\/cms\/wp-json\/wp\/v2\/pages\/91\/revisions\/447"}],"wp:attachment":[{"href":"https:\/\/www.netnea.com\/cms\/wp-json\/wp\/v2\/media?parent=91"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}