Feature Request: GitLab Plugin

[sempervictus]

Seems GitLab is fairly prone to false positives with ModSecurity and the whackamole exclusion process is a bit onerous/may exclude valid rules. Wondering if anyone's got a CRS plugin in the works for "on-prem" GitLab setups (in our case, V2+Apache).

[azurit]

@sempervictus Hi. Probably no but we may create one if you are willing to help - mainly providing logs and testing. What do you think?

[EsadCetiner]

@sempervictus
I've been thinking about playing with GitLab and writing a plugin for it, I haven't really decided if I'll go through with it or not. Although I'm not sure who should maintain the plugins (Myself, CRS, or a 3rd party), I already maintain 3 plugins myself and I'm not sure I can maintain 4 with reasonable quality.

[azurit]

I'm able to maintain it but i don't use it so i can't write it only by myself - i need, at least, logs and testing.

[sempervictus]

I'm not the heaviest user so won't cover all the APIs but if there's some smoke test set we could execute, it should give us a baseline. Can set up a test instance if needed in our private clouds and provide access for devs

[azurit]

@sempervictus No need to cover it all, we can start with your use-case. Can you provide us with logs of blocked requests?