diff --git a/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
index 6c8011f753ce110a87c9a52ed5f61fcdf6c989b2..4a79c0a052188161034fc694d46f5626b12fb0d9 100644
--- a/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+++ b/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@@ -30,7 +30,7 @@ SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/posts/" \
     phase:2,\
     pass,\
     nolog,\
-    ctl:ruleRemoveTargetByTag=CRS,ARGS:content"
+    ctl:ruleRemoveTargetByTag=CRS;ARGS:content"
 
 # Make the eventlist plugin work.
 SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
@@ -38,5 +38,5 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
     phase:2,\
     pass,\
     nolog,\
-    ctl:ruleRemoveTargetByTag=CRS,ARGS:/widget-event_list_widget.*/"
+    ctl:ruleRemoveTargetByTag=CRS;ARGS:/widget-event_list_widget.*/"