Remo is a graphical rule editor for ModSecurity, an Apache security module. ModSecurity is quite difficult to configure successfully. Modsecurity.org advertises a tested core ruleset granting you protection from most known attacks, but this is only blocks traffic known to be dangerous, when it is more effective to block everything not known to be safe. Remo is meant to assist in the difficult task of writing the rules that would correctly describe the requests that are valid for an application.
|Tags||Internet Web HTTP Servers Security|
|Operating Systems||POSIX Linux Unix|
Release Notes: This first beta release brings the ability to import ModSecurity audit-logs and match them against the ruleset in the edit-area of Remo. This lets you check if the ruleset which you are developing will work with your online application in practice.
Release Notes: This release includes a group of predefined standard regular expressions that make editing of requests a lot easier. The responses to every argument failure can be configured specially, including HTTP status code and optional redirect location. Argument names can now contain regular expressions themselves in order to map tabular forms with dynamic content in remo.
Release Notes: Support for query string arguments and cookies. Every request argument can now be optional or mandatory. With this, Remo can qualify basic HTTP requests completely: method, path, query string parameters, headers, post payload parameters, and cookies.
Release Notes: The GUI has support for POST arguments, and generates a rule for a single request (generate button next to the request path). The rule generator has support for POST arguments.
Release Notes: New features in the GUI include support for HTTP headers in the remo edit window, a customizable list of default headers and default value domains, in-place editing for all supported request properties (method, path and headers), and labels for toolset buttons. Detailarea has been removed. New features in the rule generator include strict checking of headers in the generated ModSecurity ruleset, and a per request rule-group in the ruleset using the LocationMatch directive.