HEX
Server: Apache
System: Linux dinesh8149 5.15.98-grsec-sharedvalley-2.lc.el8.x86_64 #1 SMP Thu Mar 9 09:07:30 -03 2023 x86_64
User: usesambura1 (1212012)
PHP: 7.0.33
Disabled: apache_child_terminate,dl,escapeshellarg,escapeshellcmd,exec,link,mail,openlog,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_check_syntax,php_strip_whitespace,popen,proc_close,proc_open,shell_exec,symlink,system
$ pwd: /etc/nginx/modsec/
Upload Files
File: //etc/nginx/modsec/crs-wordpress-exclusions.conf
# ------------------------------------------------------------------------
# EXCLUSÕES CRS PARA WORDPRESS
# Resolve falsos positivos do OWASP CRS em aplicações WordPress
# ------------------------------------------------------------------------

#
# -- [[ AUMENTAR THRESHOLD PARA WORDPRESS ]] --
#
# Aumentar limite de anomalia para páginas do WordPress
SecRule REQUEST_FILENAME "@rx ^/wp-" \
    "id:900100,\
    phase:1,\
    pass,\
    nolog,\
    tag:'OWASP_CRS',\
    ver:'OWASP_CRS/4.7.0-dev',\
    setvar:'tx.inbound_anomaly_score_threshold=15'"

#
# -- [[ EXCLUSÕES ESPECÍFICAS WP-LOGIN.PHP ]] --
#
# Desabilitar regras problemáticas para wp-login.php
SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
    "id:900101,\
    phase:1,\
    pass,\
    nolog,\
    tag:'OWASP_CRS',\
    ver:'OWASP_CRS/4.7.0-dev',\
    ctl:ruleRemoveById=920230,\
    ctl:ruleRemoveById=920300,\
    ctl:ruleRemoveById=920440,\
    ctl:ruleRemoveById=921110,\
    ctl:ruleRemoveById=921120"

#
# -- [[ EXCLUSÕES PARA WP-ADMIN ]] --
#
# Exclusões para área administrativa do WordPress
SecRule REQUEST_FILENAME "@beginsWith /wp-admin/" \
    "id:900102,\
    phase:1,\
    pass,\
    nolog,\
    tag:'OWASP_CRS',\
    ver:'OWASP_CRS/4.7.0-dev',\
    setvar:'tx.inbound_anomaly_score_threshold=20',\
    ctl:ruleRemoveById=920230,\
    ctl:ruleRemoveById=920300"

#
# -- [[ EXCLUSÕES PARA XMLRPC.PHP ]] --
#
# Ajustes para XML-RPC (mantendo proteção contra ataques)
SecRule REQUEST_FILENAME "@endsWith /xmlrpc.php" \
    "id:900103,\
    phase:1,\
    pass,\
    nolog,\
    tag:'OWASP_CRS',\
    ver:'OWASP_CRS/4.7.0-dev',\
    ctl:ruleRemoveById=920230"

#
# -- [[ EXCLUSÕES PARA UPLOADS ]] --
#
# Exclusões para upload de arquivos WordPress
SecRule REQUEST_FILENAME "@beginsWith /wp-content/uploads/" \
    "id:900104,\
    phase:1,\
    pass,\
    nolog,\
    tag:'OWASP_CRS',\
    ver:'OWASP_CRS/4.7.0-dev',\
    ctl:ruleRemoveById=920230,\
    ctl:ruleRemoveById=920440"

#
# -- [[ EXCLUSÕES PARA AJAX ]] --
#
# Ajustes para requisições AJAX do WordPress
SecRule REQUEST_FILENAME "@endsWith /admin-ajax.php" \
    "id:900105,\
    phase:1,\
    pass,\
    nolog,\
    tag:'OWASP_CRS',\
    ver:'OWASP_CRS/4.7.0-dev',\
    setvar:'tx.inbound_anomaly_score_threshold=10'"

#
# -- [[ MODO DETECÇÃO APENAS PARA WORDPRESS (OPCIONAL) ]] --
#
# Descomente para colocar WordPress em modo detecção apenas
# SecRule REQUEST_FILENAME "@rx ^/wp-" \
#     "id:900106,\
#     phase:1,\
#     pass,\
#     nolog,\
#     tag:'OWASP_CRS',\
#     ver:'OWASP_CRS/4.7.0-dev',\
#     ctl:ruleEngine=DetectionOnly"

# Marca de fim das exclusões WordPress
SecMarker "END-WORDPRESS-CRS-EXCLUSIONS"
@ Telegram