@naesh #p587 — We actually had something like that in earlier versions: Changelog 0.1.6. However, starting from the 1.x release, I didn’t have time to fully migrate the UI template from Bootstrap to TailwindCSS, nor to switch the backend from ModSecurity to Coraza — so the feature was removed from the UI entirely.
Right now, all configuration has to be done manually from the terminal by an admin:
To disable individual rules:
- Globally (for all domains): Edit
/etc/openpanel/caddy/coraza_rules.conf
- For new domains only: Add a
SecRuleRemoveById section in the domain template
To create custom rule exceptions per app/domain:
Simply edit the domain config file:
/etc/openpanel/caddy/domains/DOMAIN_NAME.conf
Then add a SecRuleRemoveById line, e.g.:
SecRuleRemoveById 980130 942100 920350
To see which rules are currently active or causing blocks:
Logs are written to:
/var/log/caddy/coraza_audit.log
I don’t have a timeline yet for when these features will return to the user/admin UI — they will be reintroduced eventually, but there are other priorities to tackle first. 😕