From 78c21afb54a62af55bc945d26bf4f0af3b1338af Mon Sep 17 00:00:00 2001
From: azurit
Date: Wed, 26 Jun 2024 09:18:45 +0200
Subject: [PATCH] fix: false positive related to navigation menu update (#47)
* Update wordpress-rule-exclusions-before.conf
* Update wordpress-rule-exclusions-before.conf
* Update wordpress-rule-exclusions-before.conf
---
 plugins/wordpress-rule-exclusions-before.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index b679531..9c7826e 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -131,7 +131,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
 #
 # Gutenberg
-SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|templates)" \
+SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|templates|navigation)" \
 "id:9507140,\
 phase:1,\
 pass,\
@@ -231,7 +231,7 @@ SecRule REQUEST_FILENAME "@endsWith /index.php" \
 # Cannot update page|post in WordPress due to `x-http-method-override` header.
 # This rule is a copy of rule 900250 and must be synchronised with that rule.
-SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|users|templates)" \
+SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|users|templates|navigation)" \
 "id:9507146,\
 phase:1,\
 pass,\
@@ -239,9 +239,9 @@ SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|users|templates
 nolog,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1',\
 chain"
- SecRule REQUEST_METHOD "@streq POST" \
+ SecRule &REQUEST_HEADERS:x-http-method-override "!@eq 0" \
 "t:none,\
- setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method/ /x-method-override/'"
+ ctl:ruleRemoveById=920450"
 # Loading tags/catagories for pages/posts
 # Obtaining metadata for pages/posts
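Review bot: The widened alternation in rule 9507140, `(?:posts|pages|templates|navigation)`, is not anchored at its end, so the exclusion also applies to any path that merely continues that segment with other characters; the 9507146 pattern in the next hunk has the same shape. Closing the group with a boundary, e.g. `(?:posts|pages|templates|navigation)(?:/|$)`, would keep the exclusion to the REST routes the fix is meant for. The actions of 9507140 continue past this hunk, so what is relaxed for matching paths is not visible here.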
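Review bot: The comment above rule 9507146 still says the rule is a copy of rule 900250 that must be kept synchronised, but after this commit the chained rule no longer sets `tx.restricted_headers_basic` and removes rule 920450 instead (last hunk), so that sentence now looks stale. I would replace it with something like `# Removes rule 920450 for these REST endpoints when the x-http-method-override header is present.` so the next maintainer does not try to re-sync a header list that is gone. The rule body continues outside this hunk.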
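Review bot: With the `REQUEST_METHOD "@streq POST"` link dropped, the chain now applies `ctl:ruleRemoveById=920450` to every request method on these endpoints (including `users`) as soon as an `x-http-method-override` header is present. It also switches the whole rule off for that request, whereas the removed `setvar` kept the other listed headers (`/content-encoding/`, `/proxy/`, ...) restricted; presumably those are no longer checked for matching requests. Keeping the POST check as an extra chain link, as sketched below, would narrow the exclusion again without bringing back the hard-coded header list. The rule starts outside this hunk.

```apacheconf
# … unchanged: rule 9507146 start through ver:'…' …
    chain"
    SecRule REQUEST_METHOD "@streq POST" \
        "t:none,\
        chain"
        SecRule &REQUEST_HEADERS:x-http-method-override "!@eq 0" \
            "t:none,\
            ctl:ruleRemoveById=920450"
```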