diff --git a/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
index 2af6211fc41197f6fe310e3c2ec6309e5c836e57..f09548a892247b0ccbcdb30807f19b1f17ee7651 100644
--- a/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+++ b/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@@ -16,9 +16,10 @@ SecRule REQUEST_URI "@beginsWith /wp-admin/site-health.php" \
     nolog,\
     ctl:ruleEngine=Off"
 
-SecRule REQUEST_URI "@beginsWith /wp-admin/themes.php" \
+SecRule REQUEST_FILENAME "@endsWith /wp-admin/themes.php" \
     "id:1002,\
+    phase:2,\
     pass,\
     nolog,\
-    ctl:ruleRemoveByTag=attack-xss"
+    ctl:ruleRemoveTargetByTag=CRS;ARGS:newcontent"