OWASP Modsecurity CRS - How to add new rule?

khongngu · March 8, 2019, 9:25am

I enabled owasp, wordpress failed to add the port.
I need to add rule: REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf

SpiderLabs/owasp-modsecurity-crs/blob/v3.2/dev/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf

# ------------------------------------------------------------------------
# OWASP ModSecurity Core Rule Set ver.3.2.0
# Copyright (c) 2006-2019 Trustwave and contributors. All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under
# Apache Software License (ASL) version 2
# Please see the enclosed LICENSE file for full details.
# ------------------------------------------------------------------------

# These exclusions remedy false positives in a default WordPress install.
# The exclusions are only active if crs_exclusions_wordpress=1 is set.
# See rule 900130 in crs-setup.conf.example for instructions.
#
# Note that the WordPress comment field itself is currently NOT excluded
# from checking. The reason is that malicious content is regularly being
# posted to WordPress comment forms, and there have been various cases
# of XSS and even RCE vulnerabilities exploited by WordPress comments.

SecRule &TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress "@eq 0" \
    "id:9002000,\

This file has been truncated. show original

How do add?

boon4376 · May 10, 2019, 8:51pm

In openlistespeed admin, go to server configuration → modules → mod_security

Add a line for:
modsecurity_rules_file /usr/local/lsws/conf/modsec/owasp/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf

This file already exists, it’s just not part of the parameters.

harvey · July 17, 2020, 1:47am

@boon4376 This worked well. Thanks!

Any chance you can help me with these WordPress rules?