fix: move ARGS_NAMES:users[0] to it's own rule

coreruleset · Nov 26, 2024 · 9d9a62a · 9d9a62a
1 parent 91889ff
commit 9d9a62a
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
@@ -457,8 +457,6 @@ SecRule REQUEST_FILENAME "@unconditionalMatch" \
     pass,\
     t:none,\
     nolog,\
-    ctl:ruleRemoveTargetById=920273;ARGS_NAMES:users[0],\
-    ctl:ruleRemoveTargetById=942432;ARGS_NAMES:users[0],\
     ctl:ruleRemoveTargetById=932236;ARGS:nonce,\
     ctl:ruleRemoveTargetById=942450;ARGS:nonce,\
     ctl:ruleRemoveTargetById=932236;ARGS:ver,\
@@ -639,6 +637,17 @@ SecRule REQUEST_FILENAME "@rx /wp-admin/(?:admin|admin-ajax|edit|users)\.php$" \
     ctl:ruleRemoveTargetById=932236;ARGS_NAMES:ids,\
     ver:'wordpress-rule-exclusions-plugin/1.0.1'"
 
+# Managing users
+SecRule REQUEST_FILENAME "@endsWith /wp-admin/users.php" \
+    "id:9507602,\
+    phase:1,\
+    pass,\
+    t:none,\
+    nolog,\
+    ver:'wordpress-rule-exclusions-plugin/1.0.1',\
+    ctl:ruleRemoveTargetById=920273;ARGS_NAMES:users[0],\
+    ctl:ruleRemoveTargetById=942432;ARGS_NAMES:users[0]"
+
 #
 # [ Content editing ]
 #