From 42c86c63ba5ecc35d07f246ebbc52691218151a4 Mon Sep 17 00:00:00 2001 From: azurit Date: Mon, 24 Jun 2024 13:55:50 +0200 Subject: [PATCH 1/3] Update wordpress-rule-exclusions-before.conf --- plugins/wordpress-rule-exclusions-before.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf index b679531..8d103a9 100644 --- a/plugins/wordpress-rule-exclusions-before.conf +++ b/plugins/wordpress-rule-exclusions-before.conf @@ -231,7 +231,7 @@ SecRule REQUEST_FILENAME "@endsWith /index.php" \ # Cannot update page|post in WordPress due to `x-http-method-override` header. # This rule is a copy of rule 900250 and must be synchronised with that rule. -SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|users|templates)" \ +SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|users|templates|navigation)" \ "id:9507146,\ phase:1,\ pass,\ From d0aceb67e719b34f714837ca18fdfc2978b32df3 Mon Sep 17 00:00:00 2001 From: azurit Date: Tue, 25 Jun 2024 14:07:51 +0200 Subject: [PATCH 2/3] Update wordpress-rule-exclusions-before.conf --- plugins/wordpress-rule-exclusions-before.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf index 8d103a9..1513b4e 100644 --- a/plugins/wordpress-rule-exclusions-before.conf +++ b/plugins/wordpress-rule-exclusions-before.conf @@ -131,7 +131,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \ # # Gutenberg -SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|templates)" \ +SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|templates|navigation)" \ "id:9507140,\ phase:1,\ pass,\ From 7a8bea6a967f949cb4299234660dde5425e8554e Mon Sep 17 00:00:00 2001 From: azurit Date: Wed, 26 Jun 2024 09:17:25 +0200 Subject: [PATCH 3/3] Update wordpress-rule-exclusions-before.conf --- plugins/wordpress-rule-exclusions-before.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf index 1513b4e..9c7826e 100644 --- a/plugins/wordpress-rule-exclusions-before.conf +++ b/plugins/wordpress-rule-exclusions-before.conf @@ -239,9 +239,9 @@ SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|users|templates nolog,\ ver:'wordpress-rule-exclusions-plugin/1.0.1',\ chain" - SecRule REQUEST_METHOD "@streq POST" \ + SecRule &REQUEST_HEADERS:x-http-method-override "!@eq 0" \ "t:none,\ - setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method/ /x-method-override/'" + ctl:ruleRemoveById=920450" # Loading tags/catagories for pages/posts # Obtaining metadata for pages/posts