From 561254dc368cf8c98b9ea623a4495fdf01a3a712 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Fri, 29 Apr 2022 16:54:39 +0100
Subject: [PATCH] ModSecurity fix for wp-piwik settings pages

---
 .../crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf       | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
index 7c0e2414..93c06a7f 100644
--- a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+++ b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@@ -55,6 +55,7 @@ SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/widget-types/text/encode" \
     nolog,\
     ctl:ruleEngine=Off"
 
+# Make WP-Piwik settings pages work.
 SecRule REQUEST_URI "@beginsWith /wp-admin/network/site-settings.php" \
     "id:1009,\
     phase:2,\
@@ -62,4 +63,11 @@ SecRule REQUEST_URI "@beginsWith /wp-admin/network/site-settings.php" \
     nolog,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:option[wp-piwik-tracking_code],\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:option[wp-piwik-noscript_code]"
+SecRule REQUEST_URI "@beginsWith /wp-admin/network/settings.php" \
+    "id:1010,\
+    phase:2,\
+    pass,\
+    nolog,\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:wp-piwik[tracking_code],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:wp-piwik[noscript_code]"
 
-- 
GitLab