From 77e73a73eccea5d2f9b7477898d64553b5eb86af Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sun, 31 Oct 2021 19:50:48 +0000
Subject: [PATCH] Add gutenberg-related mod_security rules

These should help with converting widgets from legacy to
new 'blocks'.
---
 .../REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf    | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
index 3eb80335..69496982 100644
--- a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+++ b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@@ -69,3 +69,17 @@ SecRule REQUEST_URI "@beginsWith /" \
     ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:message_body,\
     ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:text"
 
+# Gutenberg-related requests.
+SecRule REQUEST_URI "@beginsWith /wp-json/batch/v1" \
+    "id:1007,\
+    phase:2,\
+    pass,\
+    nolog,\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:requests.requests.body.instance.raw.content"
+SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/widget-types/text/encode" \
+    "id:1008,\
+    pass,\
+    nolog,\
+    ctl:ruleEngine=Off"
+
+
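Review bot: Rule 1008 turns the whole engine off (`ctl:ruleEngine=Off`) for every request whose URI starts with `/wp-json/wp/v2/widget-types/text/encode`, so headers, cookies and all other arguments on that path go uninspected and, with `nolog`, unrecorded. The WAF cannot tell whether the caller is an authenticated editor. Rule 1007 just above shows the narrower pattern: keep the engine on and drop only the offending target, e.g. `ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:<widget-content-arg>` (placeholder; take the real argument name from the audit log), or use `ctl:ruleEngine=DetectionOnly` if blocking must be suspended but logging kept. Because `REQUEST_URI` includes the query string and `@beginsWith` accepts any suffix, matching `REQUEST_FILENAME` with `@streq` would stop longer paths from inheriting the exclusion. Rule 1008 also omits the `phase:2` that 1007 states, so it presumably falls back to the default action's phase; stating it explicitly would document at which point in the transaction the exclusion takes effect.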
-- 
GitLab