diff --git a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
index 3eb80335f2744af7d06fb10b10775b2feadfcd5d..69496982dcfd58d82c6f6ea7df31be9899741c6d 100644
--- a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+++ b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@@ -69,3 +69,17 @@ SecRule REQUEST_URI "@beginsWith /" \
 ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:message_body,\
 ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:text"
+# Gutenberg-related requests.
+SecRule REQUEST_URI "@beginsWith /wp-json/batch/v1" \
+ "id:1007,\
+ phase:2,\
+ pass,\
+ nolog,\
+ ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:requests.requests.body.instance.raw.content"
+SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/widget-types/text/encode" \
+ "id:1008,\
+ pass,\
+ nolog,\
+ ctl:ruleEngine=Off"
+
+
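Review bot: Rule 1008 turns the whole engine off (`ctl:ruleEngine=Off`) for every request whose URI merely begins with `/wp-json/wp/v2/widget-types/text/encode`, and with `nolog` that exemption leaves no record, so every argument, header and method under that prefix goes uninspected rather than only the widget markup that presumably caused the false positives. Prefer the scoped form rule 1007 already uses, e.g. `ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:<widget-content-arg>` (placeholder; take the real argument name from the audit log), and match the path exactly with `SecRule REQUEST_FILENAME "@streq /wp-json/wp/v2/widget-types/text/encode" \`. Rule 1008 also omits `phase:`, unlike 1007, so it runs in whatever phase the SecDefaultAction outside this hunk sets; state `phase:2,\` explicitly. Rule 1007 drops every `OWASP_CRS`-tagged rule for its one argument; if only some rule families fire there, narrower tags such as the `attack-sqli` used by the preceding rule would keep more coverage.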