From 55231c5ccf5cab77d8f52ad0cbd882d23de638a6 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sun, 4 Feb 2024 07:28:25 +0000
Subject: [PATCH] Avoid modsec issues on /wp-admin/widgets.php

---
 .../crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf         | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
index 4a3d0b61..d291bb89 100644
--- a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+++ b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@@ -82,9 +82,15 @@ SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/" \
     ctl:ruleRemoveTargetByID=932105;ARGS:content,\
     ctl:ruleRemoveTargetByID=941100;ARGS:content"
 
+# "PCRE limits exceeded" errors on customization urls.
 SecRule REQUEST_URI "@beginsWith /wp-admin/customize.php" \
     "id:1012,\
     pass,\
     nolog,\
     ctl:ruleEngine=Off"
+SecRule REQUEST_URI "@beginsWith /wp-admin/widgets.php" \
+    "id:1013,\
+    pass,\
+    nolog,\
+    ctl:ruleEngine=Off"
 
-- 
GitLab