diff --git a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
index 673aef72b3548191712ca876658207e0c1e9f1e8..9495f7be1b6aeb7bd2d4b5ded9acbb2292e4f6bc 100644
--- a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+++ b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@@ -71,12 +71,14 @@ SecRule REQUEST_URI "@beginsWith /wp-admin/network/settings.php" \
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:wp-piwik[tracking_code],\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:wp-piwik[noscript_code]"
 
-# Gutenberg comments are misinterpreted.
-SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/template-parts" \
+# Gutenberg comments are misinterpreted, and CSS customizations trigger
+# noisy SQL injection rules.
+SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/" \
     "id:1011,\
     phase:2,\
     pass,\
     nolog,\
+    ctl:ruleRemoveById=942100,\
     ctl:ruleRemoveTargetByID=932105;ARGS:content,\
     ctl:ruleRemoveTargetByID=941100;ARGS:content"