# Disable mod_security rules in this file.

SecRuleRemoveById 960015

# Oracle error messages.
SecRuleRemoveById 951120

# Wordpress generates badly encoded mime/multipart uploads
# for its own file upload functionality...
# Drop the REQBODY_ERROR and MULTIPART_UNMATCHED_BOUNDARY rules.
SecRuleRemoveById 200002 200004

# Matches an Apache directory listing.
SecRuleRemoveById 950130

# XSS rules that have too many false positives.
SecRuleRemoveById 941160
SecRuleRemoveById 941180

# The Accept: charset check gets confused by some ActivityPub
# headers (that specify a JSON-LD profile), just disable it.
SecRuleRemoveById 920600

# ModSec Rule Exclusion: 920273 : Invalid character in request (outside of very strict set)
# ModSec Rule Exclusion: 942432 : Restricted SQL Character Anomaly Detection (args): 
# number of special characters exceeded (2) (severity:  NONE/UNKOWN)
SecRuleRemoveById 920273
SecRuleRemoveById 942432

# Presence of PHP code in the output
SecRuleRemoveByID 953110
SecRuleRemoveByID 953120

# Filters dangerous file extensions in the URL.
SecRuleRemoveByID 920440

# Having '../' in the response body.
SecRuleRemoveByID 930110

# CR/LF + HTTP method name.
SecRuleRemoveByID 921110

# Ingres SQL exfil rule.
SecRuleRemoveByID 951190

# mssql SQL exfil rule.
SecRuleRemoveByID 951220

# Windows PowerShell Command
SecRuleRemoveByID 932120

# US-ASCII malformed encoding (Tomcat), fires on Russian posts
SecRuleRemoveByID 941310

# PostgreSQL connection errors.
SecRuleRemoveByID 951240