From 076f52604708799670aa37b58edd27749e06c49d Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 14 Sep 2020 17:40:45 +0100
Subject: [PATCH] Disable XSS ModSec rules for wpmu-custom-css

Fixes issue ai3/prod#195.
---
 .../crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf        | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
index 6201f2b..2af6211 100644
--- a/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+++ b/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@@ -15,3 +15,10 @@ SecRule REQUEST_URI "@beginsWith /wp-admin/site-health.php" \
     pass,\
     nolog,\
     ctl:ruleEngine=Off"
+
+SecRule REQUEST_URI "@beginsWith /wp-admin/themes.php" \
+    "id:1002,\
+    pass,\
+    nolog,\
+    ctl:ruleRemoveByTag=attack-xss"
+
-- 
GitLab