fix: false positive related to navigation menu update (#47)

azurit · web-flow · commit 78c21afb54a6 · 2024-06-26T17:18:45.000+10:00
* Update wordpress-rule-exclusions-before.conf

* Update wordpress-rule-exclusions-before.conf

* Update wordpress-rule-exclusions-before.conf
diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
@@ -131,7 +131,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
 #
 
 # Gutenberg
-SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|templates)" \
+SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|templates|navigation)" \
     "id:9507140,\
     phase:1,\
     pass,\
@@ -231,17 +231,17 @@ SecRule REQUEST_FILENAME "@endsWith /index.php" \
 
 # Cannot update page|post in WordPress due to `x-http-method-override` header.
 # This rule is a copy of rule 900250 and must be synchronised with that rule.
-SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|users|templates)" \
+SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|users|templates|navigation)" \
     "id:9507146,\
     phase:1,\
     pass,\
     t:none,\
     nolog,\
     ver:'wordpress-rule-exclusions-plugin/1.0.1',\
     chain"
-    SecRule REQUEST_METHOD "@streq POST" \
+    SecRule &REQUEST_HEADERS:x-http-method-override "!@eq 0" \
         "t:none,\
-        setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method/ /x-method-override/'"
+        ctl:ruleRemoveById=920450"
 
 # Loading tags/catagories for pages/posts
 # Obtaining metadata for pages/posts
