Implement support for ctl:ruleRemove family of actions in libModSecurity

[ghost]

I've used these heavily in my 2.x CRS implementation. With modsecurity and CRS 3.x upgrade I'd like to know whether to port my rules without using these directives or wait for the implementation.

[victorhora]

@Slabber,

Some actions of ctl:ruleRemove are already implemented: rule_remove_by_id,
rule_remove_target_by_id and rule_remove_target_by_tag should be all working.

SecRuleRemoveByID and SecRuleRemoveByMsg have also been implemented on v3 already.

You can follow the progress at #1476.

[ltning]

Hi, this issue seems to be present still:

service nginx restart

Performing sanity check on nginx configuration:
RemoveByTagplatform-windows
nginx: [emerg] "modsecurity_rules" directive Rules error. File: <>. Line: 3. Column: 50. syntax error, unexpected end of file in /usr/local/etc/nginx/nginx-mpi.conf:34
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed

Config for the location:
modsecurity on;
modsecurity_rules_file /usr/local/etc/modsecurity/modsecurity.conf;
modsecurity_rules '
SecRuleRemoveByTag "platform-windows"
';

Running 3.0.0 on nginx 1.12.2 on FreeBSD (we're the port maintainers for 3.0 on FreeBSD)

[ltning]

To be clear - SecRuleRemoveById works as expected in this context.

[zimmerle]

Hi @ltning and @Slabber,

Please upgrade your codebase. The SecRuleRemoveByTag was added two days ago. Here is the commit: 0ca5994

[zimmerle]

Hi @ltning and @Slabber,

As I did not hear from you, I am assuming that it working as expected.

[ltning]

It's easter vacation around here, haven't got time to update the port and rebuild. Expect to be able to test properly next week. Thanks, /Eirik