Visualizing the Core-Rules Ruleset

This small project aims at a simple visualization of the core-rule ruleset. It is based upon a simple parser written in Java which reads the core-rules-x.y-z.tar.gz-file and transforms it into an XML description.

The idea was to create a parser which creates a format that exactly reassembles the flow that ModSecurity uses to apply the rules. Thus, it recognizes SecDefaultAction statements and tries to behave like the ModSecurity rule-flow as closely as possible.

The XML format is then transformed into plain HTML based on a XSLT stylesheet. The process is implemented within a set of small Java classes and can easily be repeated for new versions of the core rules.

Currently the only available visualizations are:

• Core Rules 1.6.1

More visualizations are coming up during the next days.

If you find anything awkward about the visualization, have ideas or feature requests for displaying things in a more convenient and easy-to-follow way, just drop me a line.

The Tool

You can also simply run the tool at home. It is available for download here: To create a HTML-page of your core-rules you need to have the corresponding tar.gz-file. The tools is started as follows:

   java -jar CoreRules2Html.jar  /path/to/output  modsecurity-core-rules-x.y.z.tar.gz

This will create the HTML page within the directory /path/to/output.