make crs before/after rules editable

Signed-off-by: Zoey <zoey@z0ey.de>

rootfs/bin/start.sh

@@ -388,6 +388,16 @@ if [ ! -s /data/etc/modsecurity/crs-setup.conf ]; then
 fi
 cp /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example /data/etc/modsecurity/crs-setup.conf.example
 
+if [ ! -s /data/etc/modsecurity/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example ]; then
+      cp -vn /usr/local/nginx/conf/conf.d/include/coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /data/etc/modsecurity/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+fi
+cp /usr/local/nginx/conf/conf.d/include/coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /data/etc/modsecurity/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
+
+if [ ! -s /data/etc/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example ]; then
+      cp -vn /usr/local/nginx/conf/conf.d/include/coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example /data/etc/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
+fi
+cp /usr/local/nginx/conf/conf.d/include/coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example /data/etc/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example
+
 if [ "$NPM_CERT_ID" = "0" ]; then
     export NPM_CERT=/data/tls/dummycert.pem
     export NPM_KEY=/data/tls/dummykey.pem

rootfs/usr/local/nginx/conf/conf.d/include/modsecurity-crs.conf

@@ -1,4 +1,6 @@
 Include /data/etc/modsecurity/modsecurity-default.conf
 Include /data/etc/modsecurity/modsecurity-extra.conf
 Include /data/etc/modsecurity/crs-setup.conf
+Include /data/etc/modsecurity/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
 Include /usr/local/nginx/conf/conf.d/include/coreruleset/rules/*.conf
+Include /data/etc/modsecurity/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf