ale · 6a283f15 · 18ab6d4a · 6a283f15
--- a/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf

+ 21

− 30
+++ b/docker/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf

+ 21

− 30
 @@ -21,16 +21,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/themes.php" \
    phase:2,\
    pass,\
    nolog,\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:newcontent"
-
-# The ability to edit CSS triggers XSS rules when editing posts.
-# Disable all CRS rules on the wp-json API endpoint.
-SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/posts/" \
-    "id:1003,\
-    phase:2,\
-    pass,\
-    nolog,\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:content"
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newcontent"

 # Make the eventlist plugin work (SIGH for the lack of regexps).
 SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
 @@ -38,26 +29,26 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
    phase:2,\
    pass,\
    nolog,\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[1][title],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[1][cat_filter],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[1][num_events],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[1][location_length],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[2][title],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[2][cat_filter],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[2][num_events],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[2][location_length],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[3][title],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[3][cat_filter],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[3][num_events],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[3][location_length],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[4][title],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[4][cat_filter],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[4][num_events],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[4][location_length],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[5][title],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[5][cat_filter],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[5][num_events],\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:widget-event_list_widget[5][location_length]"
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[1][title],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[1][cat_filter],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[1][num_events],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[1][location_length],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[2][title],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[2][cat_filter],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[2][num_events],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[2][location_length],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[3][title],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[3][cat_filter],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[3][num_events],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[3][location_length],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[4][title],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[4][cat_filter],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[4][num_events],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[4][location_length],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[5][title],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[5][cat_filter],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[5][num_events],\
+    ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-event_list_widget[5][location_length]"

 # More eventlist plugin workarounds.
 SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \