The WebProfileEditor provides an easy-to-use graphical user-interface for creating, loading, saving and modifying Web Application Profiles. It also includes a simple Compiler for transforming profiles into rule sets for the ModSecurity module.
As said before, the editor is in an early state, but is already usable for creating simple profiles. Right now it assist users in specifying the profile (xml) and includes a simple compiler to transform the profile into a ModSecurity ruleset:
- Read and write xml-based web application profiles
- Transform the profiles into ModSecurity rule sets
- Import rule sets from a REMO database
- Define abstract types and resource classes (see Web Application Profiles for details).
- Template selection for multiple variants of ruleset-generation
The editor is provided as Java archive and can simply be run by double-clicking the archive or issuing
java -jar WebProfileEditor.jar
in the command line. Since the editor is implemented in Java, a Java environment of version 1.5 or later is required. The Java archive is avaiable here:
- WebProfileEditor.jar - the latest version (0.1)
There is some more information available in a blog-entry on the web-profil editor. A list of blog-posts concerning web application profiles can be found by following the tags web-profile or web-security.
Why is the archive so large?
As the REMO database is based on SQLite, the editor includes a SQLite database driver for importing REMO rule sets. This is based on some virtual-machine simulator running the database driver, which in turn is required to be avaible to the editor for importing from REMO.