
Commit 25afae7

authored
Update wordpress-rule-exclusions-before.conf
1 parent 71af7d8 commit 25afae7

1 file changed

+8
-8
lines changed


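--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -70,7 +70,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2"
 
 # User Login
-SecRule REQUEST_FILENAME "@streq /wp-admin/admin-ajax.php" \
+SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
 "id:9507121,\
 phase:1,\
 pass,\
@@ -144,17 +144,17 @@ SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|templates)" \
 # Gutenberg via rest_route for sites without pretty permalinks
 SecRule REQUEST_FILENAME "@endsWith /index.php" \
 "id:9507141,\
-phase:1,\
+phase:2,\
 pass,\
 t:none,\
 nolog,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1',\
 chain"
-SecRule &ARGS_GET:rest_route "@eq 1" \
+SecRule &ARGS:rest_route "@eq 1" \
 "t:none,\
 nolog,\
 chain"
-SecRule ARGS_GET:rest_route "@rx ^/wp/v[0-9]+/(?:posts|pages|widget-types|tags|templates|users)" \
+SecRule ARGS:rest_route "@rx ^/wp/v[0-9]+/(?:posts|pages|widget-types|tags|templates|users)" \
 "t:none,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:content,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.content,\
@@ -181,17 +181,17 @@ SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/media" \
 # Gutenberg upload image/media via rest_route for sites without pretty permalinks
 SecRule REQUEST_FILENAME "@endsWith /index.php" \
 "id:9507143,\
-phase:1,\
+phase:2,\
 pass,\
 t:none,\
 nolog,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1',\
 chain"
-SecRule &ARGS_GET:rest_route "@eq 1" \
+SecRule &ARGS:rest_route "@eq 1" \
 "t:none,\
 nolog,\
 chain"
-SecRule ARGS_GET:rest_route "@rx ^/wp/v[0-9]+/media" \
+SecRule ARGS:rest_route "@rx ^/wp/v[0-9]+/media" \
 "t:none,\
 ctl:ruleRemoveById=200002,\
 ctl:ruleRemoveById=200004"
@@ -323,7 +323,7 @@ SecRule ARGS:wp_customize "@streq on" \
 nolog,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1',\
 chain"
-SecRule ARGS:action "@rx ^(?:|customize_save|update-widget)$" \
+SecRule ARGS:action "@rx ^(?:customize_save|update-widget)$" \
 "t:none,\
 chain"
 SecRule &ARGS:action "@eq 1" \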
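Review bot: In the media exclusion (id:9507143), moving the chain to `phase:2` may leave `ctl:ruleRemoveById=200002` and `ctl:ruleRemoveById=200004` without effect. If those ids are the stock request-body rules from the recommended ModSecurity configuration, they also run in phase 2 and are normally loaded before this plugin file, so they would already have been evaluated when the ctl executes. The switch from `ARGS_GET:rest_route` to `ARGS:rest_route` (here and in id:9507141) also lets a body parameter select the exclusions, which widens the set of requests that skip CRS inspection of `ARGS:content` and `ARGS:json.content`. I would either keep a phase:1 rule keyed on `ARGS_GET:rest_route` for the two `ruleRemoveById` actions, or state the ordering assumption above the rule, e.g. `# phase:2 so rest_route in the request body is visible; 200002/200004 must be loaded after this file for the removals to apply`. Rule 9507141's action list continues past the end of its hunk, so the full scope of that exclusion is not visible here.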
