Fix webauthn FPs

coreruleset · Sep 23, 2023 · 25e0d96 · 25e0d96
1 parent 89dde06
commit 25e0d96
Showing 1 changed file with 32 additions and 1 deletion.
diff --git a/plugins/nextcloud-rule-exclusions-before.conf b/plugins/nextcloud-rule-exclusions-before.conf
@@ -696,6 +696,19 @@ SecRule REQUEST_FILENAME "@endsWith /logout" \
     ver:'nextcloud-rule-exclusions-plugin/1.0.0',\
     ctl:ruleRemoveTargetById=941120;ARGS:requesttoken"
 
+# Logging in with webauthn
+SecRule REQUEST_FILENAME "@endsWith /login/webauthn/finish" \
+    "id:9508421,\
+    phase:3,\
+    pass,\
+    t:none,\
+    nolog,\
+    ver:'nextcloud-rule-exclusions-plugin/1.0.0',\
+    chain"
+    SecRule RESPONSE_STATUS "@streq 500" \
+        "t:none,\
+        ctl:ruleRemoveById=950100"
+
 # Change Password and Setting up a new user/password
 SecRule REQUEST_FILENAME "@endsWith /settings/users" \
     "id:9508500,\
@@ -726,7 +739,7 @@ SecRule REQUEST_FILENAME "@rx /settings/personal/authtokens/[0-9]+$" \
     setvar:'tx.allowed_methods=%{tx.allowed_methods} PUT DELETE'"
 
 # When trying to remove a WebAuthn device
-SecRule REQUEST_FILENAME "@contains /settings/api/personal/webauthn/registration" \
+SecRule REQUEST_FILENAME "@rx /settings/api/personal/webauthn/registration/[0-9]+$" \
     "id:9508606,\
     phase:1,\
     pass,\
@@ -931,6 +944,24 @@ SecRule REQUEST_FILENAME "@rx /ocs/v[0-9]\.php/apps/theming/api/v[0-9]/theme/ope
     ver:'nextcloud-rule-exclusions-plugin/1.0.0',\
     setvar:'tx.allowed_methods=%{tx.allowed_methods} DELETE'"
 
+# Registering webauthn devices under Settings --> Personal --> Security --> Passwordless Authentication
+SecRule REQUEST_FILENAME "@endsWith /settings/api/personal/webauthn/registration" \
+    "id:9508624,\
+    phase:1,\
+    pass,\
+    t:none,\
+    nolog,\
+    ver:'nextcloud-rule-exclusions-plugin/1.0.0',\
+    ctl:ruleRemoveTargetById=942430;ARGS:json.data,\
+    ctl:ruleRemoveTargetById=942431;ARGS:json.data,\
+    ctl:ruleRemoveTargetById=942421;ARGS:json.data,\
+    ctl:ruleRemoveTargetById=942432;ARGS:json.data,\
+    ctl:ruleRemoveTargetById=920273;ARGS:json.data,\
+    ctl:ruleRemoveTargetById=942370;ARGS:json.data,\
+    ctl:ruleRemoveTargetById=942340;ARGS:json.data,\
+    ctl:ruleRemoveTargetById=942260;ARGS:json.data,\
+    ctl:ruleRemoveTargetById=942200;ARGS:json.data"
+
 #
 # [ Notifications ]
 #