This commit makes ModSecurity to refuse to download or install rules
(SecRemoteRules) from sites that are not running HTTPS with a valid and
trusted certificate.
Originally the SecRemoteRules fetch the rules from an remote server in an
specific format, using cryptography. This patch adds the possibility to
load rules in plain/text format.
SecRemoteRules adds a new dependency to libcurl. Before only mlogc was
depending on libcurl. SecRemoteRules also depends on the apr-tools with
crypto support, which (as reported by our buildbots) is not default in
some environments such as: MacOS X. This commit disable SecRemoteRules
support if apr-tools was not compiled with crypto support.
This directive allows the user to set a default action whenever the
SecRemoteRules failed to download a set of rules. Current the supported
values are: Warn and Abort. By default `Abort' is selected.
