docs: improve installation and configuration clarity

README.md

@@ -7,28 +7,13 @@ This plugin contains rule exclusions to fix false positives when using Roundcube
 - CRS Version 4.0 or newer
 - ModSecurity compatable Web Application Firewall
 
-## How to install the plugin
+## Installation
 
-1. Copy and paste the files ``roundcube-rule-exclusions-before.conf`` and ``roundcube-rule-exclusions-config.conf`` into your CRS plugins folder.
+For full and up to date instructions on installing plugins, please refer to [How to Install a Plugin](https://coreruleset.org/docs/concepts/plugins/#how-to-install-a-plugin) in the official CRS documentation.
 
-2. Create two wildcards includes after ``crs-setup.conf`` but before loading CRS rules. Create the ``*-config.conf`` includes first, followed by the ``*-before.conf`` includes as shown in the code block below (This only needs to be done once, after that any plugins placed within the plugins folder will automatically be activated).
+### Configuration
 
-3. Then reload your WAF to apply the new changes (Restart for Nginx ModSec users)
-
-```
-Include /path/to/coreruleset/modsecurity.conf
-Include /path/to/coreruleset/crs-setup.conf
-
-Include /path/to/coreruleset/plugins/*-config.conf
-Include /path/to/coreruleset/plugins/*-before.conf
-
-Include /path/to/coreruleset/rules/*.conf
-```
-
-You can also refer to official CRS documentation on how to install a plugin https://coreruleset.org/docs/concepts/plugins/#how-to-install-a-plugin
-
-## Disabling the plugin
-The plugin can be disabled by uncommenting rule 9519000 inside ``plugins/roundcube-rule-exclusions-config.conf`` or by removing the includes for this plugin.
+Since Roundcube sends all requests to the same URL path, by default this plugin will unconditionally apply all rule exclusions to all URL paths. This behavior is configurable, you can choose to only apply rule exclusions to a specific URL path that Roundcube is installed on (For example, /mail/ or /roundcube/) by editing the rule ``9519001`` in ``plugins/roundcube-rule-exclusions-config.conf``. This is useful if you are hosting multiple web applications on the same domain and you only want to enable the Roundcube plugin on Roundcube.
 
 ## Sieves filter false positive
 
@@ -58,3 +43,11 @@ If you find a false positive that this plugin does not cover then please open a
 2. ModSecurity/Coraza Version
 3. modsec audit logs
 4. what caused the false positive
+
+Pull requests are welcomed if you know how to fix the issue, but please make sure to include tests if possible.
+
+## License
+
+Copyright (c) 2023-2024 Esad Cetiner
+
+This plugin is distributed under GNU General Public License V2 (GPLv2), please see the included LICENSE file for details.

plugins/roundcube-rule-exclusions-config.conf

@@ -42,16 +42,12 @@
 #    ver:'roundcube-rule-exclusions-plugin/1.0.1',\
 #    setvar:'tx.roundcube-rule-exclusions-plugin=0'"
 # 
-# Roundcube allows you to choose what URL path to install roundcube on (Which can be anything),
-# this plugin lets you inform the plugin where your roundcube is installed.
-# By default, this plugin will apply exclusions for all URL paths (Since it doesn't know where Roundcube is installed), 
-# it's recommended to specify the path roundcube is installed to ensure exclusion rules are as strict as possible.
-# 
-# Below are some common configuration examples of the URL path:
-#    setvar:'tx.roundcube-rule-exclusions-path=/'" (Default)
-#    setvar:'tx.roundcube-rule-exclusions-path=/mail/'"
-#    setvar:'tx.roundcube-rule-exclusions-path=/webmail/'"
-#    setvar:'tx.roundcube-rule-exclusions-path=/roundcube'"
+# Since Roundcube sends all requests to the same URL path, by default this plugin will
+# unconditionally apply all rule exclusions to all URL paths. This behavior is configurable, 
+# you can choose to only apply rule exclusions to a specific URL path that Roundcube is 
+# installed on (For example, /mail/ or /roundcube/) by editing the rule below.
+# This is useful if you are hosting multiple web applications on the same domain 
+# and you only want to enable the Roundcube plugin on Roundcube.
 #
 SecAction \
     "id:9519001,\