From b7f17966ca5773d46b893a2df016059a9c77456a Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 21 Nov 2022 17:59:27 +0000
Subject: [PATCH] Add application/activity+json to allowed content types, new
 format

Using what is hopefully the right format for the tx.allowed_request_content_type
configuration variable.
---
 docker/conf/modsecurity/crs/crs-setup.conf | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/docker/conf/modsecurity/crs/crs-setup.conf b/docker/conf/modsecurity/crs/crs-setup.conf
index 961c8bfe..bd7adb51 100644
--- a/docker/conf/modsecurity/crs/crs-setup.conf
+++ b/docker/conf/modsecurity/crs/crs-setup.conf
@@ -388,13 +388,13 @@ SecAction \
 # |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream|
 # |application/csp-report| |application/xss-auditor-report| |text/plain|
 # Uncomment this rule to change the default.
-#SecAction \
-# "id:900220,\
-#  phase:1,\
-#  nolog,\
-#  pass,\
-#  t:none,\
-#  setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain|'"
+SecAction \
+ "id:900220,\
+  phase:1,\
+  nolog,\
+  pass,\
+  t:none,\
+  setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |application/activity+json| |text/plain|'"
 
 # Allowed HTTP versions.
 # Default: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
-- 
GitLab