Fix libmodsecurity (v3) incompatible ctl:ruleRemoveByTag

[emphazer]

according to #1418

[theMiddleBlue]

thanks @emphazer

unfortunately, it seems that ruleRemoveById doesn't work properly when a range is given :( owasp-modsecurity/ModSecurity#2099 (comment) this makes useless a lot of CRS exclusion rules when using on libmodsecurity (v3).

[emphazer]

okay @theMiddleBlue
i will fix that

[emphazer]

@theMiddleBlue but that will fix just a part of the problem.
they must fix it in libmodsecurity or else we can't keep this rule exclusions in my opinion.

[theMiddleBlue]

thanks!

they must fix it in libmodsecurity

yes, they must. Our exclusion rule set makes extensive use of ruleRemoveById with ranges and ruleRemoveByTag. This makes CRS incompatible with the current v3... I'm waiting for an answer here owasp-modsecurity/ModSecurity#2099

[theMiddleBlue]

A PR will be soon available on ModSecurity in order to fix this. Thanks!

[theMiddleBlue]

fixed by owasp-modsecurity/ModSecurity#2102 (thanks @airween @zimmerle)