From 18ab6d4af84d434db2611a722253475200d5fa04 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sun, 31 Oct 2021 13:32:17 +0000
Subject: [PATCH] Update CRS customizations

---
 ...EQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf | 51 ++++++++-----------
 1 file changed, 21 insertions(+), 30 deletions(-)

diff --git a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
index 3bb2ced0..3eb80335 100644
--- a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+++ b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@@ -21,16 +21,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/themes.php" \
     phase:2,\
     pass,\
     nolog,\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:newcontent"
-
-# The ability to edit CSS triggers XSS rules when editing posts.
-# Disable all CRS rules on the wp-json API endpoint.
-SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/posts/" \
-    "id:1003,\
-    phase:2,\
-    pass,\
-    nolog,\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:content"
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newcontent"
 
 # Make the eventlist plugin work (SIGH for the lack of regexps).
 SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
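Review bot: Dropping rule 1003 re-enables full CRS inspection of `ARGS:content` on `/wp-json/wp/v2/posts/`, which is exactly the false positive the removed comment documented, and neither the commit message nor the file says why the exclusion is no longer needed (fixed upstream, editor no longer sends CSS in `content`, handled elsewhere); record the reason in the message or leave a marker such as `# 1003 (wp-json posts content exclusion) removed: <reason>` so it is not re-added blindly the next time the post editor is blocked. The surviving exclusion now names the `OWASP_CRS` tag (same rename in the second hunk); if I read the ModSecurity 2.x reference correctly the tag argument of ctl:ruleRemoveTargetByTag is matched as a regular expression, so the old `CRS` already matched `OWASP_CRS` and the rename only matters on an engine with exact tag matching, which is worth stating in a one-line comment with the engine/CRS version it was checked against. The SecRule these actions belong to (and its id line) begins above the hunk.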
@@ -38,26 +29,26 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
     phase:2,\
     pass,\
     nolog,\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[1][title],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[1][cat_filter],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[1][num_events],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[1][location_length],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[2][title],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[2][cat_filter],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[2][num_events],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[2][location_length],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[3][title],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[3][cat_filter],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[3][num_events],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[3][location_length],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[4][title],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[4][cat_filter],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[4][num_events],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[4][location_length],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[5][title],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[5][cat_filter],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[5][num_events],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[5][location_length]"
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[1][title],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[1][cat_filter],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[1][num_events],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[1][location_length],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[2][title],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[2][cat_filter],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[2][num_events],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[2][location_length],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[3][title],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[3][cat_filter],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[3][num_events],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[3][location_length],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[4][title],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[4][cat_filter],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[4][num_events],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[4][location_length],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[5][title],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[5][cat_filter],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[5][num_events],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[5][location_length]"
 
 # More eventlist plugin workarounds.
 SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
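Review bot: The twenty near-identical ctl lines hard-code widget slots 1 through 5 and four field names, so a sixth widget instance or a new field is blocked again with nothing in the audit log to explain it, because the exclusion rule itself is `nolog`; the comment above the rule should say so, e.g. `# Covers event_list_widget slots 1-5 only; extend when the admin adds more widgets.` If the engine in use accepts a regex variable selector in ctl targets, the list collapses to one line, `ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:/^widget-event_list_widget\[\d+\]\[(?:title|cat_filter|num_events|location_length)\]$/`; the "SIGH for the lack of regexps" remark suggests this was tried and rejected, and if so the comment should name the engine version and the error instead of the sigh. The SecRule that owns these actions, including its id, starts above the hunk.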
-- 
GitLab