Skip to content
Snippets Groups Projects
Commit e0866e88 authored by ale's avatar ale
Browse files

Relax mod_security rules for CSS customization plugin

parent 77cb8ae5
No related branches found
No related tags found
No related merge requests found
Pipeline #61563 passed
Stage: build
Stage: container-test
Stage: release
Hide whitespace changes
Inline Side-by-side
docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+ 4
2
View file @ e0866e88
......@@ -71,12 +71,14 @@ SecRule REQUEST_URI "@beginsWith /wp-admin/network/settings.php" \
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:wp-piwik[tracking_code],\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:wp-piwik[noscript_code]"
# Gutenberg comments are misinterpreted.
SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/template-parts" \
# Gutenberg comments are misinterpreted, and CSS customizations trigger
# noisy SQL injection rules.
SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/" \
"id:1011,\
phase:2,\
pass,\
nolog,\
ctl:ruleRemoveById=942100,\
ctl:ruleRemoveTargetByID=932105;ARGS:content,\
ctl:ruleRemoveTargetByID=941100;ARGS:content"
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment