A browser editor for OWASP CRS rules — SecLang and CRSLang. No install, no server.
Demo: https://aredoff.github.io/crseditor/
If you write or tweak CRS rules, this gives you a form instead of editing raw text. It reads both CRSLang YAML and SecLang, and shows a live code preview as you work.
Parsing, validation, and compilation run in the browser via crslang WASM. To test rules, Coraza WASM runs your loaded rules against an HTTP request/response pair and shows what matched.
- Open the demo or run locally (
npm install && npm run dev). - New rule — blank template with a CRS-style rule id.
- Import — paste CRSLang YAML or SecLang (file or text).
- Fill in metadata, variables, operator, transformations, actions, ctl.
- Live SecLang and CRSLang preview on the right.
- Export — download or copy all rules in the format you need.
- Test — run loaded rules against a request/response.
Language switcher in the header (EN / RU / ES).
Rules live only in the tab’s memory. Reload the page and they’re gone — export when you want to keep them.
This is a CRS / SecLang / CRSLang editor, not a ModSecurity admin panel.
npm install
npm run dev # http://localhost:5173/crseditor/
npm run build
npm run lintRebuild WASM:
make wasm # crslang
make coraza-wasm # coraza (for Test)Code details: AGENTS.md, docs/ARCHITECTURE.md.
See the repository. WASM builds use upstream coreruleset/crslang and corazawaf/coraza.