Monk - 2007-05-05


I setup Webecki and I really like the clean interface. While testing around I came across some problems:

1. Logs are not shown
I configured the paths to the logs in config.php and they are readable by the apache user but not displayed in the webinterface

2. Rules
Many rule packages and especially the ModSecurity Core Rules Project offer their rules in individual files. It would be nice if the Webekci could handle this via an "Include rule/path/*.conf" for example

3. Default action
Webekci creates the following default action for me:

SecDefaultAction log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace

Now modsecurity is complaining the the phase statement is missing so I change the config file to:

SecDefaultAction log,deny,status:403,phase:2,t:lowercase,t:replaceNulls,t:compressWhitespace

Great work anyway. Hope you keep it up

Thanks and best regards,