Linux bear.hostingplus.cl 4.18.0-513.18.1.lve.2.el8.x86_64 #1 SMP Sat Mar 30 15:36:11 UTC 2024 x86_64
LiteSpeed
Server IP : 192.140.57.17 & Your IP : 216.73.216.38
Domains :
Cant Read [ /etc/named.conf ]
User : explo
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
opt /
bitninja-waf3 /
coreruleset /
util /
rule_ctl /
Delete
Unzip
Name
Size
Permission
Date
Action
tests
[ DIR ]
drwxr-xr-x
2026-03-19 01:18
README.md
4.47
KB
-rw-r--r--
2026-03-12 06:10
pyproject.toml
74
B
-rw-r--r--
2026-03-12 06:10
requirements.txt
29
B
-rw-r--r--
2026-03-12 06:10
rule_ctl.py
29.03
KB
-rw-r--r--
2026-03-12 06:10
Save
Rename
draft # OWASP CRS Rule Control Script This script aims to help when a bulk change on configuration files is needed. rule_ctl.py can, for example, change the value of an action on all rules, or can add/remove/rename a tag on each rule in a file, or can add/remove a transformation function only in rules that match range 942100-942190, etc... ## Example Usage There're only two mandatory parameters: `--config` and `--filter-rule-id`. **--config** set the target config file<br> **--filter-rule-id** a regex that matches only rule ids to change For example, if you want to add a new tag on each rule in file `REQUEST-933-APPLICATION-ATTACK-PHP.conf` you can do: ```sh python3 util/rule_ctl/rule_ctl.py \ --config rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf \ --filter-rule-id ^933.+ \ --append-tag foo --dryrun ``` `--dryrun` sends to stdout the result of changes and prevent writing changes on file. It's a good idea to always check all commands with dryrun before overwrite the target configuration file. You can even alphabetically sort tag list while adding new tags: ```sh python3 util/rule_ctl/rule_ctl.py \ --config rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf \ --filter-rule-id ^933.+ \ --append-tag foo --sort-tag --dryrun ``` ## Variables - `--append-variable`: Append a variable on the variable list of selected rules - `--remove-variable`: Remove exact matching variable from selected rules - `--replace-variable`: Replace variable on selected rules ### Examples Replace the variable name `ARGS` with `ARGS_GET` ```sh python3 rule_ctl.py --config ../../rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf \ --filter-rule-id ^.\* \ --replace-variable ARGS,ARGS_GET \ --dryrun ``` Replace the variable `ARGS` with `!ARGS_GET:'lisa'` ```sh python3 rule_ctl.py --config ../../rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf \ --filter-rule-id ^.\* \ --replace-variable ARGS,\!ARGS_GET:\'lisa\' \ --dryrun ``` ## Tags - `--append-tag`: Append a new tag to the tag list on selected rules - `--remove-tag`: Remove tag from tag list on selected rules - `--rename-tag`: Rename tag on selected rules - `--sort-tags`: Alphabetically sort tag list on selected rules ### Examples Append a new tag `foo` and sort tag list ```sh python3 rule_ctl.py --config ../../rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf \ --filter-rule-id ^.\* \ --append-tag foo \ --sort-tags \ --dryrun ``` Remove a tag `foo` ```sh python3 rule_ctl.py --config ../../rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf \ --filter-rule-id ^.\* \ --remove-tag foo \ --dryrun ``` Rename a tag `foo` ```sh python3 rule_ctl.py --config ../../rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf \ --filter-rule-id ^.\* \ --rename-tag foo,bar \ --dryrun ``` ## Transformation Functions - `--append-tfunc`: Append a new transformation function on selected rules - `--remove-tfunc`: Remove a transformation function on selected rules ### Examples Append `t:lowercase` to all selected rules (you don't need the `t:` prefix) ```sh python3 rule_ctl.py --config ../../rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf \ --filter-rule-id ^.\* \ --append-tfunc lowercase \ --dryrun ``` ## Actions - `--replace-action`: Replace action on selected rules - `--remove-action`: remove action from selected rules ### Examples Replace action `severity:CRITICAL` with `severity:INFO` and set a new message on rule id 125 ```sh python3 rule_ctl.py --config ../../rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf \ --filter-rule-id ^125 \ --replace-action severity:CRITICAL,severity:INFO \ --uncond-replace-action 'msg:this is a new message for rule 125' \ --dryrun ``` ## CTL - `--append-ctl`: Append a new ctl action on selected rules ### Examples Remove rule id 1337 on rule 125 by adding ctl:ruleRemoveById=1337. Do it on main rule (skipping chained rules if present) ```sh python3 rule_ctl.py --config ../../rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf \ --filter-rule-id ^125 \ --append-ctl ruleRemoveById=1337 \ --skip-chain \ --dryrun ``` ## Others - `--target-file`: Set the target file where changes will be saved (default: use file set by `--config`) - `--skip-chain`: Skip chained rules - `--dryrun`: Do not write any changes, just output the results - `--debug`: Show debug messages - `--silent`: Used with `--dryrun` and `--debug` doesn't write and shows only debug messages - `--json`: Used with `--dryrun` return the msc_pyparser JSON output instead of ModSecurity file