Na}{

File Content: `REQUEST-00-LOCAL-WHITELIST.conf`

#Whitelist Piwik from RFI checks
SecRule REQUEST_URI "@pm /piwik.php" "id:1001, phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-rfi"

#autodiscover.xml don't block known Mail UAs. Don't want to F2B customers
SecRule REQUEST_HEADERS:User-Agent "@pm Office MacOutlook Android-SAMSUNG-SM-" "id:1002,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"

SecRule REQUEST_URI "@pm /autodiscover/autodiscover.xml" "id:1003,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveById=941100-941380"

#wc-ajax exempt from SQLi
SecRule REQUEST_URI "@pm /?wc-ajax" "id:1004,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"

# Whitelist for ManageWP Requests
SecRule REQUEST_URI "@pm wp-load.php"  "chain,id:1005,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"
	SecRule ARGS_NAMES "mwprid"

# Wordpress admin-ajax and admin exempt from attack rules.
SecRule REQUEST_URI "@pm /wp-admin/admin-ajax.php" "id:1006,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/admin.php" "id:1007,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/post.php" "id:1009,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/options.php" "id:1010,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/edit.php" "id:1015,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"

#Wordpress whitelist aliexpress wp plugin
SecRule REQUEST_URI "@pm /wp-json/woocommerce_aliexpress_dropship/" "id:1008,ctl:ruleRemoveById=1990070"

#WordPress WhiteLists vs. RCE
SecRule REQUEST_HEADERS:Referer "@pm /options-general.php" "id:1011, phase:1,pass,ctl:ruleRemoveByTag=attack-rce"
SecRule REQUEST_HEADERS:Referer "@pm /admin.php?page=layerslider&action" "id:1012, phase:1,pass,ctl:ruleRemoveByTag=attack-rce"
SecRule REQUEST_URI "@pm /wp-admin/admin-ajax.php" "chain,id:1013,phase:2,pass,ctl:ruleRemovebyTag=attack-rce"
	SecRule ARGS:query "@pm timeout"

SecRule REQUEST_URI "@pm /adm/index.php?sid=" "chain,id:1014,phase:1,pass,ctl:ruleRemovebyTag=attack-lfi"
	 SecRule REQUEST_METHOD "@streq POST"

#WordPress Whitelist vs PHP
SecRule REQUEST_HEADERS:Referer "@pm /wp-admin/admin.php?page=gf_edit_forms" "id:1016, phase:1,pass,ctl:ruleRemoveByTag=attack-xss"
SecRule ARGS_NAMES "@pm jform[" "id:1017, phase:1,pass,ctl:ruleRemoveByTag=attack-xss"
SecRule REQUEST_HEADERS:User-Agent "@pm SFDC-Callout/" "id:1018, phase:1, pass , ctl:ruleRemoveByTag=attack-xss"
SecRule ARGS_NAMES "@pm mepr-emails" "id:1019, phase:1, pass, ctl:ruleRemoveByTag=attack-xss"

#Moodle WhiteList AutoSave from XSS
SecRule REQUEST_URI "@pm /lib/editor/atto/autosave-ajax.php" "chain,id:1020,phase:1,pass,ctl:ruleRemoveByTag=attack-xss"
	SecRule REQUEST_METHOD "@streq POST"

#Oxygen Editor WhiteList
SecRule REQUEST_URI "@pm ct_save_components_tree" "chain,id:1021,phase:1,allow,ctl:ruleEngine=Off"
	SecRule REQUEST_METHOD "@streq POST"

#WordPress PHP Injection in editor
SecRule REQUEST_URI "@pm /wp-admin/admin-ajax.php" "id:1022,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-injection-php"

SecRule REQUEST_URI "@pm /update-zone" "id:1023,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"

#WordPress Contact Form 7 Whitelist
SecRule REQUEST_URI "@pm /wp-json/contact-form-7" "id:1024,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-injection-php"

#Joomla Whitelist administrator page /administrator/index.php
SecRule REQUEST_URI "@pm /administrator/index.php" "id:1025,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-rce"

#Opencart whitelist administrator page
SecRule REQUEST_URI "@pm /admin/index.php" "id:1026,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-rce"

#Mercurial Repo whitelist publishing
SecRule REQUEST_URI "@pm /hgweb.cgi" "id:1027,phase:1,pass,nolog,ctl:ruleEngine=Off"

#ProcessWire whitelist admin edit page
SecRule REQUEST_URI "@pm /login/page/edit/" "id:1028,phase:1,pass,nolog,ctl:ruleEngine=Off"

#DokuWiki whitelist upload
SecRule REQUEST_URI "@pm /exe/ajax.php" "id:1029,phase:1,pass,nolog,ctl:ruleEngine=Off"

#Next/Owncloud dav files whitelist
SecRule REQUEST_URI "@pm /remote.php/dav/files/" "id:1030,phase:1,pass,nolog,ctl:ruleEngine=Off"

#Next/Owncloud dav uploads whitelist
SecRule REQUEST_URI "@pm /remote.php/dav/uploads/" "id:1031,phase:1,pass,nolog,ctl:ruleEngine=Off"

#Next/Owncloud dav calendars whitelist
SecRule REQUEST_URI "@pm /remote.php/dav/calendars/" "id:1032,phase:1,pass,nolog,ctl:ruleEngine=Off"

#Processwire CMS page edit whitelist
SecRule REQUEST_URI "@pm /processwire/page/edit/" "id:1033,phase:1,pass,nolog,ctl:ruleEngine=Off"

#Exclude Wordpress Cookie: wordpress_sec
SecRule REQUEST_COOKIES:wordpress_sec "@rx ^[0-9a-f]+\|\|\d+\|\|\d+$" "id:1034,phase:1,pass,t:none,nolog,chain"
	SecRule &REQUEST_COOKIES:wordpress_sec "@eq 1" "t:none, ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:wordpress_sec"

#Whitelist nav-menu.php from attack-protocol
SecRule REQUEST_URI "@pm wp-admin/includes/nav-menu.php" "id:1035,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-protocol"

#Whitelist Wordpress wp-admin/themes.php referer
SecRule REQUEST_HEADERS:Referer "@pm wp-admin/themes.php" "id:1036, phase:2,pass,ctl:ruleRemoveByTag=attack-rce"

#Jetpack-boost whitelist rule. Prevents anomaly-score breaking Jetpack.
SecRule REQUEST_URI "@pm /wp-json/jetpack-boost/v1/critical-css/?:(core_front_page|singular_page)/success" "id:1037,phase:1,pass,nolog,ctl:ruleEngine=off"

#Wpmudev backup whitelist rule.
SecRule REQUEST_URI "@pm /wp-load.php?wpmudev-hub" "id:1038,phase:1,pass,nolog,ctl:ruleRemoveById=921130"

#AmazonProductImporter plug-in whitelist
SecRule REQUEST_URI "@pm /amazonproductimporter" "id:1039,phase:1,pass,nolog,ctl:ruleEngine=Off"

#WhiteList Stripe User-Agent
SecRule REQUEST_HEADERS:User-Agent "@pm Stripe/1.0 (+https://stripe.com/docs/webhooks)" "id:1040,pass,nolog,ctl:ruleEngine=Off"

#Whitelist Site Editor on TwentyTwentyThree
SecRule ARGS:postId "@pm twentytwentythree" "id:1041,phase:1,pass,nolog,ctl:ruleRemoveById=942100,chain"
	SecRule REQUEST_URI "@pm /wp-admin/site-editor.php"

#Whitelist mothership directory per customer request
SecRule REQUEST_URI "@pm /mothership" "id:1042,phase:1,pass,nolog,ctl:ruleEngine=Off"

#stop viewing WordPress Site Editor as SQL Injection or generic attack
SecRule REQUEST_URI "@rx ^/wp-admin/site-editor\.php" "id:1043,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-generic"

#test rules
SecRule REQUEST_FILENAME "@endsWith /wp-json/wp/v2/global-styles" "id:1044,phase:2,pass,nolog,ctl:ruleRemoveById=942100"

SecRule &ARGS_NAMES:jetpack_publicize_connections.jetpack_publicize_connections.profile_picture "@gt 0" "id:1045,phase:1,pass,t:none,nolog,chain"
 	SecRule ARGS_NAMES:jetpack_publicize_connections.jetpack_publicize_connections.profile_picture "@contains .profile" "ctl:ruleRemoveById=930120"

SecRule ARGS "@rx f\(n\)" "id:1046,phase:2,nolog,pass,ctl:ruleRemoveById=942100"

SecRule REQUEST_COOKIES "@rx mcfw-wp-user-cookie" "id:1047,phase:2,nolog,pass,ctl:ruleRemoveById=942100"

#whitelist astra theme issues
SecRule REQUEST_URI "@contains /wp-json/wp/v2/pages/" "id:1048,phase:2,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-generic;ARGS:meta.ast-content-background-meta.mobile.background-color"

# prevent 942100 catch on posting 
SecRule REQUEST_HEADERS:Referer "@contains wp-admin/post-new.php" "id:1049,phase:1,pass,nolog,ctl:ruleRemoveById=942100"

SecRule REQUEST_URI "@contains /wp-json/wp/v2/posts/" "id:1050,phase:2,pass,nolog,ctl:ruleRemoveById=942100"

#whitelists AI content generation in astra themes
SecRule REQUEST_URI "@contains /wp-json/zipwp/v1/" "id:1051,phase:1,pass,nolog,ctl:ruleRemoveById=949110"

#Moar AI whitelisting
SecRule REQUEST_URI "@contains /wp-json/wp/v2/templates/" "id:1052,phase:1,pass,nolog,ctl:ruleRemoveById=1990092"

# Disable rule 949110 for requests under /wp-json/
SecRule REQUEST_URI "^/wp-json/" "id:1053,phase:1,nolog,allow,ctl:ruleRemoveById=949110"

#Disable rule 949110 for requests under async-upload.php
SecRule REQUEST_URI "^/wp-admin/async-upload.php" "id:1054,phase:1,nolog,allow,ctl:ruleRemoveById=949110"

#clears issues with stripe
SecRule REQUEST_URI "@contains /wp-admin/" "id:1055,phase:1,nolog,allow,ctl:ruleRemoveById=1990091"

#Disable rule 942100 for requests under async-upload.php
SecRule REQUEST_URI "^/wp-admin/async-upload.php" "id:1056,phase:1,nolog,allow,ctl:ruleRemoveById=942100"

Name	Size	Permission
10_modsecurity_crs_10_config.conf	37009 bytes	0644
999_dreamhost_request_limits.conf	5308 bytes	0644
99_dreamhost_rules.conf	14332 bytes	0644
99_modsec-crs-setup.conf	32757 bytes	0644
REQUEST-00-LOCAL-WHITELIST.conf	9043 bytes	0644
REQUEST-901-INITIALIZATION.conf	14718 bytes	0644
REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf	13555 bytes	0644
REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf	25812 bytes	0644
REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf	10642 bytes	0644
REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf	7822 bytes	0644
REQUEST-905-COMMON-EXCEPTIONS.conf	1649 bytes	0644
REQUEST-911-METHOD-ENFORCEMENT.conf	2982 bytes	0644
REQUEST-913-SCANNER-DETECTION.conf	3622 bytes	0644
REQUEST-920-PROTOCOL-ENFORCEMENT.conf	64491 bytes	0644
REQUEST-921-PROTOCOL-ATTACK.conf	21029 bytes	0644
REQUEST-930-APPLICATION-ATTACK-LFI.conf	8134 bytes	0644
REQUEST-931-APPLICATION-ATTACK-RFI.conf	8932 bytes	0644
REQUEST-933-APPLICATION-ATTACK-PHP.conf	32894 bytes	0644
REQUEST-934-APPLICATION-ATTACK-NODEJS.conf	3927 bytes	0644
REQUEST-942-APPLICATION-ATTACK-SQLI.conf	96560 bytes	0644
REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf	5628 bytes	0644
REQUEST-944-APPLICATION-ATTACK-JAVA.conf	22516 bytes	0644
REQUEST-949-BLOCKING-EVALUATION.conf	8176 bytes	0644
RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf	4122 bytes	0644
WPtoolUA.data	318 bytes	0644
cachefly.ips.data	166 bytes	0644
crawlers-user-agents.data	786 bytes	0644
dh_whitelist_ip.data	0 bytes	0644
fastly.ips.data	189 bytes	0644
incapsula.ips.data	110 bytes	0644
java-classes.data	1826 bytes	0644
java-code-leakages.data	264 bytes	0644
java-errors.data	240 bytes	0644
lfi-os-files.data	11712 bytes	0644
maxcdn.ips.data	623 bytes	0644
mod_sec.conf	2078 bytes	0644
modsecurity_46_slr_et_joomla.data	1731 bytes	0644
modsecurity_46_slr_et_wordpress.data	1729 bytes	0644
php-config-directives.data	12725 bytes	0644
php-errors.data	75989 bytes	0644
php-function-names-933150.data	3414 bytes	0644
php-function-names-933151.data	38099 bytes	0644
php-variables.data	610 bytes	0644
restricted-files.data	4066 bytes	0644
restricted-upload.data	2513 bytes	0644
scanners-headers.data	216 bytes	0644
scanners-urls.data	418 bytes	0644
scanners-user-agents.data	1950 bytes	0644
scripting-user-agents.data	717 bytes	0644
sig_inspect.lua	68157 bytes	0644
spam-mailer.data	84 bytes	0644
sql-errors.data	4373 bytes	0644
staminus.ips.data	228 bytes	0644
unix-shell.data	7837 bytes	0644
windows-powershell-commands.data	7222 bytes	0644

File Content: REQUEST-00-LOCAL-WHITELIST.conf

File Content: `REQUEST-00-LOCAL-WHITELIST.conf`