
# Local CRS rule exclusions, implemented as run-time ctl actions.  The
# REQUEST-00 prefix suggests this file is Included ahead of the CRS rules --
# confirm the Include order, because a ctl:ruleRemove* action only affects
# rules that are evaluated after it within the same transaction.
#
# NOTE(review): @pm is a case-insensitive phrase match over the whole of
# REQUEST_URI, query string included, so any request whose URI merely
# contains the phrase receives the exclusion; Referer, User-Agent and ARGS
# are client-supplied as well.  Where a narrower scope is possible, prefer
# REQUEST_FILENAME with @beginsWith/@endsWith or an anchored @rx (as rules
# 1043 and 1044 do), and ctl:ruleRemoveTargetById over dropping whole
# attack-* tags (as rule 1034 does).
#
# Whitelist Piwik from the RFI checks.
SecRule REQUEST_URI "@pm /piwik.php" "id:1001, phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-rfi"

# autodiscover.xml: don't block known mail User-Agents (avoids fail2ban
# banning customers).  No phase given, so this runs in the default phase 2.
# NOTE(review): the User-Agent is client-supplied, so "Office" anywhere in
# a UA string lifts the SQLi rules for that request.
SecRule REQUEST_HEADERS:User-Agent "@pm Office MacOutlook Android-SAMSUNG-SM-" "id:1002,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"

# autodiscover.xml: SQLi tag plus the whole 941xxx (XSS) id range off.
SecRule REQUEST_URI "@pm /autodiscover/autodiscover.xml" "id:1003,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveById=941100-941380"

# WooCommerce wc-ajax exempt from SQLi.  The phrase includes "/?", so it is
# keyed on the query string of any path.
SecRule REQUEST_URI "@pm /?wc-ajax" "id:1004,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"

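# Whitelist for ManageWP requests: wp-load.php called with an mwprid argument.
# The ctl action sits on the LAST rule of the chain.  ModSecurity runs a
# non-disruptive action such as ctl as soon as the rule carrying it matches,
# before the chained rule is evaluated, so on the first rule it applied to
# every wp-load.php request whether or not mwprid was present.  phase:2 is
# the default the original rule relied on and keeps body parameters visible
# to ARGS_NAMES (phase 1 only sees the query string).
SecRule REQUEST_URI "@pm wp-load.php" "id:1005,phase:2,pass,nolog,chain"
	SecRule ARGS_NAMES "@rx mwprid" "ctl:ruleRemoveByTag=attack-sqli"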

# WordPress admin-ajax and wp-admin pages: whole attack classes off.
# NOTE(review): 1006 is deliberately lighter (keeps attack-lfi) than
# 1007/1009/1010/1015 -- admin-ajax.php also serves unauthenticated actions,
# so keep it that way.  @pm matches anywhere in REQUEST_URI; an anchored @rx
# or a REQUEST_FILENAME match would stop the query string from triggering
# these exclusions.
SecRule REQUEST_URI "@pm /wp-admin/admin-ajax.php" "id:1006,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/admin.php" "id:1007,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/post.php" "id:1009,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/options.php" "id:1010,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/edit.php" "id:1015,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"

# WordPress AliExpress dropship plug-in REST namespace: local rule 1990070
# (not a CRS id) off.
# NOTE(review): no phase (defaults to 2), no disruptive action (so it is
# taken from SecDefaultAction) and no nolog -- add "phase:1,pass,nolog" to
# match the other rules in this file.
SecRule REQUEST_URI "@pm /wp-json/woocommerce_aliexpress_dropship/" "id:1008,ctl:ruleRemoveById=1990070"

# WordPress whitelists vs RCE, keyed on the Referer header.  Referer is
# client-supplied, and neither rule carries nolog, so every match is written
# to the audit log as a pass.
SecRule REQUEST_HEADERS:Referer "@pm /options-general.php" "id:1011, phase:1,pass,ctl:ruleRemoveByTag=attack-rce"
SecRule REQUEST_HEADERS:Referer "@pm /admin.php?page=layerslider&action" "id:1012, phase:1,pass,ctl:ruleRemoveByTag=attack-rce"
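# admin-ajax.php with a "query" argument containing "timeout": lift attack-rce
# only when the chained ARGS check also matches.  The ctl was moved to the
# last rule of the chain: ModSecurity runs non-disruptive actions as soon as
# the rule carrying them matches, so on the first rule it fired on the URI
# match alone.  phase:2 keeps body arguments visible to ARGS.
# NOTE(review): 1006 already removes attack-rce for admin-ajax.php in phase
# 1, so this chain only matters if 1006 is narrowed.
SecRule REQUEST_URI "@pm /wp-admin/admin-ajax.php" "chain,id:1013,phase:2,pass"
	SecRule ARGS:query "@pm timeout" "ctl:ruleRemoveByTag=attack-rce"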

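# /adm/index.php?sid=... via POST: lift attack-lfi only when the method check
# also matches.  The ctl was moved to the chained rule because a
# non-disruptive action fires as soon as its own rule matches; on the first
# rule it applied to every method.  (The original spelled it "ruleRemovebyTag";
# normalised to the casing used elsewhere in this file.)
SecRule REQUEST_URI "@pm /adm/index.php?sid=" "chain,id:1014,phase:1,pass"
	SecRule REQUEST_METHOD "@streq POST" "ctl:ruleRemoveByTag=attack-lfi"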

# WordPress whitelists vs XSS.  All four triggers are client-supplied
# (Referer, User-Agent, argument names) and none of the rules carries nolog.
# Gravity Forms editor, keyed on Referer.
SecRule REQUEST_HEADERS:Referer "@pm /wp-admin/admin.php?page=gf_edit_forms" "id:1016, phase:1,pass,ctl:ruleRemoveByTag=attack-xss"
# Joomla "jform[...]" fields.
# NOTE(review): these normally arrive in a POST body, which ARGS_NAMES cannot
# see in phase 1 (only query-string arguments exist then) -- phase:2 was
# presumably intended.
SecRule ARGS_NAMES "@pm jform[" "id:1017, phase:1,pass,ctl:ruleRemoveByTag=attack-xss"
# Salesforce callout User-Agent.
SecRule REQUEST_HEADERS:User-Agent "@pm SFDC-Callout/" "id:1018, phase:1, pass , ctl:ruleRemoveByTag=attack-xss"
# mepr-emails fields (MemberPress, presumably); same phase-1 body caveat as 1017.
SecRule ARGS_NAMES "@pm mepr-emails" "id:1019, phase:1, pass, ctl:ruleRemoveByTag=attack-xss"

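# Moodle Atto editor autosave, POST only: XSS rules off.  The ctl was moved to
# the chained rule so the method check actually gates it; ModSecurity runs a
# non-disruptive action as soon as the rule carrying it matches, so on the
# first rule it fired on the URI match alone, for any method.
SecRule REQUEST_URI "@pm /lib/editor/atto/autosave-ajax.php" "chain,id:1020,phase:1,pass"
	SecRule REQUEST_METHOD "@streq POST" "ctl:ruleRemoveByTag=attack-xss"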

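# Oxygen editor component-tree save, POST only: rule engine off for the rest
# of the transaction.  The ctl was moved to the chained rule: a non-disruptive
# action fires as soon as its own rule matches, so on the first rule it
# switched the engine off for ANY request whose URI contained the phrase,
# whatever the method.  "allow" in phase 1 skips all remaining phases, which
# is moot once the engine is off, but it is kept as the author wrote it.
# NOTE(review): the phrase is unanchored and @pm also matches the query
# string; an anchored @rx on REQUEST_FILENAME would make this engine-off
# exemption far harder to reach from elsewhere on the site.
SecRule REQUEST_URI "@pm ct_save_components_tree" "chain,id:1021,phase:1,allow"
	SecRule REQUEST_METHOD "@streq POST" "ctl:ruleEngine=Off"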

# WordPress: PHP injection rules (attack-injection-php) off for admin-ajax.php.
# NOTE(review): together with 1006 this leaves admin-ajax.php with very little
# attack-* coverage, and admin-ajax.php serves unauthenticated actions too.
SecRule REQUEST_URI "@pm /wp-admin/admin-ajax.php" "id:1022,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-injection-php"

# NOTE(review): application not recorded -- document which app serves
# /update-zone so this exclusion can be reviewed later.
SecRule REQUEST_URI "@pm /update-zone" "id:1023,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"

# WordPress Contact Form 7 REST endpoint: PHP injection rules off.
SecRule REQUEST_URI "@pm /wp-json/contact-form-7" "id:1024,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-injection-php"

# Joomla administrator page /administrator/index.php: SQLi and RCE rules off.
SecRule REQUEST_URI "@pm /administrator/index.php" "id:1025,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-rce"

# OpenCart administrator page: RCE rules off.
SecRule REQUEST_URI "@pm /admin/index.php" "id:1026,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-rce"

# The next seven rules switch the rule engine off entirely
# (ctl:ruleEngine=Off) for any request whose URI contains the phrase: no
# inspection and no attack logging for those transactions.  Because @pm also
# matches inside the query string, prefer REQUEST_FILENAME with @beginsWith
# (or an anchored @rx) so the exemption cannot be reached through a crafted
# URI elsewhere on the site.
#
# Mercurial hgweb publishing.
SecRule REQUEST_URI "@pm /hgweb.cgi" "id:1027,phase:1,pass,nolog,ctl:ruleEngine=Off"

# ProcessWire admin page edit.
SecRule REQUEST_URI "@pm /login/page/edit/" "id:1028,phase:1,pass,nolog,ctl:ruleEngine=Off"

# DokuWiki ajax upload.
SecRule REQUEST_URI "@pm /exe/ajax.php" "id:1029,phase:1,pass,nolog,ctl:ruleEngine=Off"

# Nextcloud/ownCloud WebDAV files.
SecRule REQUEST_URI "@pm /remote.php/dav/files/" "id:1030,phase:1,pass,nolog,ctl:ruleEngine=Off"

# Nextcloud/ownCloud WebDAV uploads.
SecRule REQUEST_URI "@pm /remote.php/dav/uploads/" "id:1031,phase:1,pass,nolog,ctl:ruleEngine=Off"

# Nextcloud/ownCloud WebDAV calendars.
SecRule REQUEST_URI "@pm /remote.php/dav/calendars/" "id:1032,phase:1,pass,nolog,ctl:ruleEngine=Off"

# ProcessWire CMS page edit.
SecRule REQUEST_URI "@pm /processwire/page/edit/" "id:1033,phase:1,pass,nolog,ctl:ruleEngine=Off"

# WordPress auth cookie wordpress_sec: remove it as a target of 942100 only.
# This is the narrowest pattern in the file (ruleRemoveTargetById scoped to
# one variable) and the ctl sits on the LAST rule of the chain, so it runs
# only when both checks match.
# NOTE(review): confirm the regex matches the cookie value as ModSecurity
# sees it (literal "||" separators, hex-only first field); if it does not,
# the chain never fires and the exclusion is silently dead.
SecRule REQUEST_COOKIES:wordpress_sec "@rx ^[0-9a-f]+\|\|\d+\|\|\d+$" "id:1034,phase:1,pass,t:none,nolog,chain"
	SecRule &REQUEST_COOKIES:wordpress_sec "@eq 1" "t:none, ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:wordpress_sec"

# WordPress nav-menu.php: attack-protocol rules off.
SecRule REQUEST_URI "@pm wp-admin/includes/nav-menu.php" "id:1035,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-protocol"

# WordPress wp-admin/themes.php as Referer: RCE rules off (phase 2).
# NOTE(review): Referer is client-supplied, and without nolog each match is
# audit-logged as a pass.
SecRule REQUEST_HEADERS:Referer "@pm wp-admin/themes.php" "id:1036, phase:2,pass,ctl:ruleRemoveByTag=attack-rce"

# Jetpack Boost critical-CSS callbacks; meant to stop the anomaly score
# breaking Jetpack.
# NOTE(review): @pm matches the phrase literally, so the
# "(core_front_page|singular_page)" alternation and the "/?:" are not
# interpreted -- as written this rule very likely never matches.  If a regex
# was intended, use @rx with an anchored pattern.  The "off" value also
# differs in case from the "Off" used everywhere else in this file.
SecRule REQUEST_URI "@pm /wp-json/jetpack-boost/v1/critical-css/?:(core_front_page|singular_page)/success" "id:1037,phase:1,pass,nolog,ctl:ruleEngine=off"

# WPMU DEV Hub backup callback: 921130 off only.
SecRule REQUEST_URI "@pm /wp-load.php?wpmudev-hub" "id:1038,phase:1,pass,nolog,ctl:ruleRemoveById=921130"

# AmazonProductImporter plug-in: engine off for any URI containing the phrase.
SecRule REQUEST_URI "@pm /amazonproductimporter" "id:1039,phase:1,pass,nolog,ctl:ruleEngine=Off"

# Stripe webhook User-Agent: engine off (no phase given, so phase 2).
# NOTE(review): User-Agent is client-supplied, so this is not a trust
# boundary.  Key the exemption on the webhook endpoint path instead
# (REQUEST_FILENAME), and on Stripe's published source addresses if the
# deployment can keep that list current.
SecRule REQUEST_HEADERS:User-Agent "@pm Stripe/1.0 (+https://stripe.com/docs/webhooks)" "id:1040,pass,nolog,ctl:ruleEngine=Off"

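# Site Editor on TwentyTwentyThree: drop 942100 for site-editor.php requests
# whose postId contains "twentytwentythree".  The ctl was moved to the last
# rule of the chain so the URI check actually gates it; ModSecurity runs a
# non-disruptive action as soon as the rule carrying it matches, so on the
# first rule it applied to every request with such a postId, on any URI.
# NOTE(review): ARGS:postId in phase 1 only covers the query string; switch
# to phase:2 if the parameter is POSTed.  Rule 1043 separately removes the
# whole attack-sqli tag for site-editor.php.
SecRule ARGS:postId "@pm twentytwentythree" "id:1041,phase:1,pass,nolog,chain"
	SecRule REQUEST_URI "@pm /wp-admin/site-editor.php" "ctl:ruleRemoveById=942100"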

# Mothership directory, per customer request: engine off for any URI that
# contains "/mothership", query string included.
SecRule REQUEST_URI "@pm /mothership" "id:1042,phase:1,pass,nolog,ctl:ruleEngine=Off"

# WordPress Site Editor: SQLi and generic rules off.  Anchored @rx on
# REQUEST_URI is the preferred shape for path-keyed exclusions in this file.
SecRule REQUEST_URI "@rx ^/wp-admin/site-editor\.php" "id:1043,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-generic"

# Test rules.  REQUEST_FILENAME with @endsWith is the narrowest URI match in
# the file (the query string is excluded).
# NOTE(review): "test" suggests these were provisional -- record whether they
# are now permanent.
SecRule REQUEST_FILENAME "@endsWith /wp-json/wp/v2/global-styles" "id:1044,phase:2,pass,nolog,ctl:ruleRemoveById=942100"

# Jetpack Publicize: drop 930120 when the profile_picture argument is present.
# NOTE(review): in phase 1 ARGS_NAMES only covers the query string; if this
# parameter arrives in the request body the chain never matches and phase:2
# is what was presumably intended.  The chained rule compares the argument
# name against a substring of itself, so it adds nothing beyond the &count
# check on the first rule.
SecRule &ARGS_NAMES:jetpack_publicize_connections.jetpack_publicize_connections.profile_picture "@gt 0" "id:1045,phase:1,pass,t:none,nolog,chain"
 	SecRule ARGS_NAMES:jetpack_publicize_connections.jetpack_publicize_connections.profile_picture "@contains .profile" "ctl:ruleRemoveById=930120"

# Drop 942100 when any argument value contains the literal text "f(n)".
# NOTE(review): the trigger is client-controlled, so 942100 is effectively
# optional for every request -- scope it to the path and parameter that
# produced the false positive.
SecRule ARGS "@rx f\(n\)" "id:1046,phase:2,nolog,pass,ctl:ruleRemoveById=942100"

# Drop 942100 for requests carrying the mcfw-wp-user-cookie cookie.
# NOTE(review): REQUEST_COOKIES matches cookie *values*; if the cookie name is
# what is meant, use REQUEST_COOKIES_NAMES.
SecRule REQUEST_COOKIES "@rx mcfw-wp-user-cookie" "id:1047,phase:2,nolog,pass,ctl:ruleRemoveById=942100"

# Astra theme false positives on /wp-json/wp/v2/pages/.
# NOTE(review): the ";ARGS:..." suffix is the ruleRemoveTargetByTag syntax.
# On ruleRemoveByTag it is presumably taken as part of the tag pattern, in
# which case the attack-generic removal silently does nothing.  Likely
# intent, if only that one argument should be exempted:
# ctl:ruleRemoveTargetByTag=attack-generic;ARGS:meta.ast-content-background-meta.mobile.background-color
SecRule REQUEST_URI "@contains /wp-json/wp/v2/pages/" "id:1048,phase:2,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-generic;ARGS:meta.ast-content-background-meta.mobile.background-color"

# Prevent 942100 hits when posting from post-new.php.  Referer is
# client-supplied, so this is not a strong boundary.
SecRule REQUEST_HEADERS:Referer "@contains wp-admin/post-new.php" "id:1049,phase:1,pass,nolog,ctl:ruleRemoveById=942100"

# 942100 off for /wp-json/wp/v2/posts/.
SecRule REQUEST_URI "@contains /wp-json/wp/v2/posts/" "id:1050,phase:2,pass,nolog,ctl:ruleRemoveById=942100"

# Astra AI content generation (zipwp REST namespace).  This removes 949110,
# the CRS request-phase blocking-evaluation rule, so no anomaly block can
# fire at all for these requests; prefer removing the specific
# false-positive rule ids where they are known.
SecRule REQUEST_URI "@contains /wp-json/zipwp/v1/" "id:1051,phase:1,pass,nolog,ctl:ruleRemoveById=949110"

# More AI whitelisting: templates endpoint, local rule 1990092 (not a CRS id).
SecRule REQUEST_URI "@contains /wp-json/wp/v2/templates/" "id:1052,phase:1,pass,nolog,ctl:ruleRemoveById=1990092"

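# Disable 949110 (the CRS request-phase anomaly blocking-evaluation rule) for
# requests under /wp-json/.
# "pass" instead of "allow": an unqualified allow in phase 1 stops rule
# processing for every remaining phase, which switched the WAF off for these
# requests outright and made the ctl redundant.  Even with pass, removing
# 949110 means no request-phase anomaly block can fire for the transaction --
# prefer removing the specific false-positive rule ids (or their targets)
# where they are known.
SecRule REQUEST_URI "@rx ^/wp-json/" "id:1053,phase:1,nolog,pass,ctl:ruleRemoveById=949110"

# Disable 949110 for async-upload.php (same allow->pass fix; the dot is now
# escaped, the original "." matched any character).
SecRule REQUEST_URI "@rx ^/wp-admin/async-upload\.php" "id:1054,phase:1,nolog,pass,ctl:ruleRemoveById=949110"

# Stripe-related false positives: local rule 1990091 (not a CRS id) off under
# /wp-admin/ (same allow->pass fix).
# NOTE(review): @contains matches anywhere in REQUEST_URI, query string
# included; if WordPress sits at the site root an anchored "@rx ^/wp-admin/"
# would be narrower.
SecRule REQUEST_URI "@contains /wp-admin/" "id:1055,phase:1,nolog,pass,ctl:ruleRemoveById=1990091"

# Disable 942100 for async-upload.php (same allow->pass fix).
# NOTE(review): 1054 already removes 949110 for this path, so no anomaly block
# could fire there anyway; this rule only matters if 1054 is later narrowed.
SecRule REQUEST_URI "@rx ^/wp-admin/async-upload\.php" "id:1056,phase:1,nolog,pass,ctl:ruleRemoveById=942100"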