From 64d88c1f3bf400f235fa6f6229c32c24aeb90e0e Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Mon, 28 Oct 2024 20:44:02 +1100
Subject: [PATCH 1/5] fix: editing tag false positive

---
 plugins/wordpress-rule-exclusions-before.conf |  1 +
 .../9507350.yaml                              | 43 +++++++++++++++----
 2 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index accf95f..28fc5fd 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -466,6 +466,7 @@ SecRule REQUEST_FILENAME "@unconditionalMatch" \
     ctl:ruleRemoveTargetById=931130;ARGS:_wp_http_referer,\
     ctl:ruleRemoveTargetById=932150;ARGS:_wp_http_referer,\
     ctl:ruleRemoveTargetById=932200;ARGS:_wp_http_referer,\
+    ctl:ruleRemoveTargetById=932235;ARGS:_wp_http_referer,\
     ctl:ruleRemoveTargetById=932236;ARGS:_wp_http_referer,\
     ctl:ruleRemoveTargetById=941100;ARGS:_wp_http_referer,\
     ctl:ruleRemoveTargetById=942130;ARGS:_wp_http_referer,\
diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507350.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507350.yaml
index 484648c..39ce340 100644
--- a/tests/regression/wordpress-rule-exclusions-plugin/9507350.yaml
+++ b/tests/regression/wordpress-rule-exclusions-plugin/9507350.yaml
@@ -20,7 +20,8 @@ tests:
             version: "HTTP/1.1"
             uri: /get/wp-admin/user-edit.php?user_id=9&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fupdate%3Dadd%26id%3D9
           output:
-            no_log_contains: id "932236"
+            no_log_contains: |
+              id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-2
     desc: Deleteing a user account
     stages:
@@ -38,7 +39,7 @@ tests:
             uri: /post/wp-admin/users.php?s=&_wpnonce=random&_wp_http_referer=%2Fwp-admin%2Fusers.php&action=delete&new_role=&paged=1&users%5B0%5D=9&action2=delete&new_role2=
           output:
             no_log_contains: |
-              id "920230"|id "942430"|id "942431"|id "942432"
+              id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-3
     desc: Disable 932236 for randomly generated nonce
     stages:
@@ -54,7 +55,8 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-admin/users.php?s=&_wpnonce=lsrandom&_wp_http_referer=%2Fwp-admin%2Fusers.php&action=delete&new_role=&paged=1&users%5B0%5D=9&action2=delete&new_role2=
           output:
-            no_log_contains: id "932236"
+            no_log_contains: |
+              id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-4
     desc: Disable 942450 for randomly generated nonce
     stages:
@@ -70,7 +72,8 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-admin/users.php?s=&_wpnonce=0x0800random&_wp_http_referer=%2Fwp-admin%2Fusers.php&action=delete&new_role=&paged=1&users%5B0%5D=9&action2=delete&new_role2=
           output:
-            no_log_contains: id "942450"
+            no_log_contains: |
+              id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-5
     desc: Disable 932236 for randomly generated nonce
     stages:
@@ -86,7 +89,8 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-admin/users.php?s=&nonce=lsrandom
           output:
-            no_log_contains: id "932236"
+            no_log_contains: |
+              id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-6
     desc: Disable 942450 for randomly generated nonce
     stages:
@@ -102,7 +106,8 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-admin/users.php?s=&nonce=0x0800random
           output:
-            no_log_contains: id "942450"
+            no_log_contains: |
+              id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-7
     desc: Requesting a static file with randomly generated version
     stages:
@@ -118,7 +123,8 @@ tests:
             version: "HTTP/1.1"
             uri: /get/example.js?ver=lsrandom
           output:
-            no_log_contains: id "932236"
+            no_log_contains: |
+              id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-8
     desc: Requesting a static file with randomly generated version
     stages:
@@ -134,4 +140,25 @@ tests:
             version: "HTTP/1.1"
             uri: /get/example.js?ver=0x0000
           output:
-            no_log_contains: id "942450"
+            no_log_contains: |
+              id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
+  - test_title: 9507350-9
+    desc: Editing tags
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Content-Type: application/x-www-form-urlencoded
+            port: 80
+            method: POST
+            version: "HTTP/1.1"
+            uri: /post/wp-admin/edit-tags.php
+            data: |
+              _wp_http_referer=/wp-admin/term.php?taxonomy=post_tag&tag_ID=12&post_type=post&wp_http_referer=%2Fwp-admin%2Fedit-tags.php%3Ftaxonomy%3Dpost_tag
+          output:
+            no_log_contains: |
+              id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"

From cfb12aa8be8a1b51b342894b74ee99109fe84fd0 Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Mon, 28 Oct 2024 20:56:59 +1100
Subject: [PATCH 2/5] fix: editing tag false positive

---
 plugins/wordpress-rule-exclusions-before.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 28fc5fd..3a7824d 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -457,6 +457,8 @@ SecRule REQUEST_FILENAME "@unconditionalMatch" \
     pass,\
     t:none,\
     nolog,\
+    ctl:ruleRemoveTargetById=920273;ARGS_NAMES:users[0],\
+    ctl:ruleRemoveTargetById=942432;ARGS_NAMES:users[0],\
     ctl:ruleRemoveTargetById=932236;ARGS:nonce,\
     ctl:ruleRemoveTargetById=942450;ARGS:nonce,\
     ctl:ruleRemoveTargetById=932236;ARGS:ver,\
@@ -478,6 +480,7 @@ SecRule REQUEST_FILENAME "@unconditionalMatch" \
     ctl:ruleRemoveTargetById=942432;ARGS:_wp_http_referer,\
     ctl:ruleRemoveTargetById=942440;ARGS:_wp_http_referer,\
     ctl:ruleRemoveTargetById=920230;ARGS:wp_http_referer,\
+    ctl:ruleRemoveTargetById=920273;ARGS:wp_http_referer,\
     ctl:ruleRemoveTargetById=931130;ARGS:wp_http_referer,\
     ctl:ruleRemoveTargetById=932150;ARGS:wp_http_referer,\
     ctl:ruleRemoveTargetById=932200;ARGS:wp_http_referer,\
@@ -489,6 +492,7 @@ SecRule REQUEST_FILENAME "@unconditionalMatch" \
     ctl:ruleRemoveTargetById=942230;ARGS:wp_http_referer,\
     ctl:ruleRemoveTargetById=942260;ARGS:wp_http_referer,\
     ctl:ruleRemoveTargetById=942431;ARGS:wp_http_referer,\
+    ctl:ruleRemoveTargetById=942432;ARGS:wp_http_referer,\
     ctl:ruleRemoveTargetById=932236;ARGS:_wpnonce,\
     ctl:ruleRemoveTargetById=942450;ARGS:_wpnonce,\
     ver:'wordpress-rule-exclusions-plugin/1.0.1'"

From 91889ff1415dfda68bd3534a4db90b35e6b3c4ab Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Tue, 26 Nov 2024 22:56:18 +1100
Subject: [PATCH 3/5] fix: check log output correctly

---
 .../9507100.yaml                               |  4 ++--
 .../9507121.yaml                               |  2 +-
 .../9507139.yaml                               |  2 +-
 .../9507140.yaml                               |  2 +-
 .../9507201.yaml                               |  2 +-
 .../9507350.yaml                               | 18 +++++++++---------
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507100.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507100.yaml
index 1de7220..4c65f81 100644
--- a/tests/regression/wordpress-rule-exclusions-plugin/9507100.yaml
+++ b/tests/regression/wordpress-rule-exclusions-plugin/9507100.yaml
@@ -20,7 +20,7 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-login.php?pwd=<script>
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "932236"|id "941110"
   - test_title: 9507100-2
     desc: ARGS:redirect_to tends to contain multiple special characters since it'll include the redirect URL
@@ -37,5 +37,5 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-login.php?redirect_to=;;;;;;;;;;;;
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "942430"|id "942431"|id "942432"
diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507121.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507121.yaml
index 281eda7..faa82a8 100644
--- a/tests/regression/wordpress-rule-exclusions-plugin/9507121.yaml
+++ b/tests/regression/wordpress-rule-exclusions-plugin/9507121.yaml
@@ -22,5 +22,5 @@ tests:
             uri: /post/wp-admin/admin-ajax.php
             data: |
               log=test&pwd=%3Cscript%3E&redirect_to=https%3A%2F%2Fexample.com%2Fwp-admin%2F&testcookie=1
-            no_log_contains: |
+            no_log_contains: |-
               id "932236"|id "941110"
diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507139.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507139.yaml
index 5325a23..21c0b4d 100644
--- a/tests/regression/wordpress-rule-exclusions-plugin/9507139.yaml
+++ b/tests/regression/wordpress-rule-exclusions-plugin/9507139.yaml
@@ -23,5 +23,5 @@ tests:
             uri: /post/wp-json/wp/v2/global-styles/1?wp_theme_preview=twentytwentyfour&_locale=user
             data: |
               {"id":2934,"styles":{"blocks":{"core/site-title":{"typography":{"fontWeight":"400"}},"core/pullquote":{"typography":{"fontSize":"var(--wp--preset--font-size--large)","fontStyle":"normal","fontWeight":"normal","lineHeight":"1.2"}},"core/quote":{"variations":{"plain":{"typography":{"fontStyle":"normal","fontWeight":"400"}}},"typography":{"fontFamily":"var(--wp--preset--font-family--heading)","fontSize":"var(--wp--preset--font-size--large)","fontStyle":"normal"}},"core/navigation":{"typography":{"fontWeight":"400"}}},"elements":{"button":{"typography":{"fontFamily":"var(--wp--preset--font-family--heading)","fontSize":"var(--wp--preset--font-size--small)","fontStyle":"normal"}},"heading":{"color":{"background":"#ab5a5a"}}},"css":""}}
-            no_log_contains: |
+            no_log_contains: |-
               id "942100|id "942440"
diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507140.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507140.yaml
index 227d586..1a6c946 100644
--- a/tests/regression/wordpress-rule-exclusions-plugin/9507140.yaml
+++ b/tests/regression/wordpress-rule-exclusions-plugin/9507140.yaml
@@ -26,5 +26,5 @@ tests:
             data: |
               {"id":"twentytwentyfour//header","content":"<!-- wp:group{\"align\":\"wide\",\"style\":{\"spacing\":{\"padding\":{\"top\":\"20px\",\"bottom\":\"20px\"}}},\"backgroundColor\":\"base\",\"layout\":{\"type\":\"constrained\"}} -->\n<div class=\"wp-block-groupalignwide has-base-background-color has-background\" style=\"padding-top:20px;padding-bottom:20px\"><!-- wp:group{\"align\":\"wide\",\"layout\":{\"type\":\"flex\",\"justifyContent\":\"space-between\",\"flexWrap\":\"wrap\"}} -->\n<div class=\"wp-block-group alignwide\"><!-- wp:group{\"style\":{\"spacing\":{\"blockGap\":\"var:preset|spacing|20\"},\"layout\":{\"selfStretch\":\"fit\",\"flexSize\":null}},\"layout\":{\"type\":\"flex\"}} -->\n<div class=\"wp-block-group\">
               <!-- wp:site-logo{\"width\":60,\"shouldSyncIcon\":false} /-->\n\n<!-- wp:group {\"style\":{\"spacing\":{\"blockGap\":\"0px\"}}} -->\n<div class=\"wp-block-group\"><!-- wp:site-title {\"level\":0} /--></div>\n<!-- /wp:group--></div>\n<!-- /wp:group -->\n\n<!-- wp:navigation{\"ref\":2180,\"icon\":\"menu\",\"layout\":{\"type\":\"flex\",\"justifyContent\":\"right\",\"orientation\":\"horizontal\",\"flexWrap\":\"wrap\"},\"style\":{\"spacing\":{\"margin\":{\"top\":\"0\"},\"blockGap\":\"va>/--></div>\n<!-- /wp:group -->\n\n<!-- wp:paragraph -->\n<p></p>\n<!-- /wp:paragraph --></div>\n<!-- /wp:group -->"}
-            no_log_contains: |
+            no_log_contains: |-
               id "932240"|id "932236"|id "941100"|id "941150"|id "941160"|id "941180"|id "941181"|id "941320"|id "942210"|id "942330"|id "942340"|id "942370"|id "942430"|id "942431"|id "942432"|id "942440"|id "942520"
diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507201.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507201.yaml
index 6fd1ea1..e4e1bad 100644
--- a/tests/regression/wordpress-rule-exclusions-plugin/9507201.yaml
+++ b/tests/regression/wordpress-rule-exclusions-plugin/9507201.yaml
@@ -24,5 +24,5 @@ tests:
               {"validation":"require-all-validate","requests":[{"path":"/wp/v2/widgets","body":{"id_base":"block","instance":{"raw":{"content":"<!-- wp:paragraph -->\n<p>test</p>\n<!--/wp:paragraph -->"}},"sidebar":"sidebar-1"},"method":"POST"},{"path":"/wp/v2/widgets","body":{"id_base":"block","instance":{"raw":{"content":"<!-- wp:search{\"label\":\"Search\",\"buttonText\":\"Search\"} /-->"}},
               "sidebar":"sidebar-1"},"method":"POST"},{"path":"/wp/v2/widgets","body":{"id_base":"block","instance":{"raw":{"content":"<!-- wp:table-->\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td></td><td></td></tr><tr><td></td><td></td></tr></tbody></table></figure>\n<!-- /wp:table-->"}},"sidebar":"sidebar-1"},"method":"POST"}]}
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "920272"|id "920273"|id "932200"|id "932236"|id "932240"|id "932370"|id "941150"|id "941180"|id "941181"|id "941320"|id "941330"|id "942130"|id "942131"|id "942200"|id "942210"|id "942260"|id "942330"|id "942340"|id "942370"|id "942430"|id "942431"|id "942432"|id "942440"|id "942460"|id "942520"
diff --git a/tests/regression/wordpress-rule-exclusions-plugin/9507350.yaml b/tests/regression/wordpress-rule-exclusions-plugin/9507350.yaml
index 39ce340..392060e 100644
--- a/tests/regression/wordpress-rule-exclusions-plugin/9507350.yaml
+++ b/tests/regression/wordpress-rule-exclusions-plugin/9507350.yaml
@@ -20,7 +20,7 @@ tests:
             version: "HTTP/1.1"
             uri: /get/wp-admin/user-edit.php?user_id=9&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fupdate%3Dadd%26id%3D9
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-2
     desc: Deleteing a user account
@@ -38,7 +38,7 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-admin/users.php?s=&_wpnonce=random&_wp_http_referer=%2Fwp-admin%2Fusers.php&action=delete&new_role=&paged=1&users%5B0%5D=9&action2=delete&new_role2=
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-3
     desc: Disable 932236 for randomly generated nonce
@@ -55,7 +55,7 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-admin/users.php?s=&_wpnonce=lsrandom&_wp_http_referer=%2Fwp-admin%2Fusers.php&action=delete&new_role=&paged=1&users%5B0%5D=9&action2=delete&new_role2=
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-4
     desc: Disable 942450 for randomly generated nonce
@@ -72,7 +72,7 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-admin/users.php?s=&_wpnonce=0x0800random&_wp_http_referer=%2Fwp-admin%2Fusers.php&action=delete&new_role=&paged=1&users%5B0%5D=9&action2=delete&new_role2=
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-5
     desc: Disable 932236 for randomly generated nonce
@@ -89,7 +89,7 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-admin/users.php?s=&nonce=lsrandom
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-6
     desc: Disable 942450 for randomly generated nonce
@@ -106,7 +106,7 @@ tests:
             version: "HTTP/1.1"
             uri: /post/wp-admin/users.php?s=&nonce=0x0800random
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-7
     desc: Requesting a static file with randomly generated version
@@ -123,7 +123,7 @@ tests:
             version: "HTTP/1.1"
             uri: /get/example.js?ver=lsrandom
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-8
     desc: Requesting a static file with randomly generated version
@@ -140,7 +140,7 @@ tests:
             version: "HTTP/1.1"
             uri: /get/example.js?ver=0x0000
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"
   - test_title: 9507350-9
     desc: Editing tags
@@ -160,5 +160,5 @@ tests:
             data: |
               _wp_http_referer=/wp-admin/term.php?taxonomy=post_tag&tag_ID=12&post_type=post&wp_http_referer=%2Fwp-admin%2Fedit-tags.php%3Ftaxonomy%3Dpost_tag
           output:
-            no_log_contains: |
+            no_log_contains: |-
               id "920230"|id "932235"|id "932236"|id "942430"|id "942431"|id "942432"|id "942450"

From 9d9a62ab6d46a989eafaab5285b7cfbb419d8452 Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Wed, 27 Nov 2024 01:09:58 +1100
Subject: [PATCH 4/5] fix: move `ARGS_NAMES:users[0]` to it's own rule

---
 plugins/wordpress-rule-exclusions-before.conf | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index fa5d6fc..097bd86 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -457,8 +457,6 @@ SecRule REQUEST_FILENAME "@unconditionalMatch" \
     pass,\
     t:none,\
     nolog,\
-    ctl:ruleRemoveTargetById=920273;ARGS_NAMES:users[0],\
-    ctl:ruleRemoveTargetById=942432;ARGS_NAMES:users[0],\
     ctl:ruleRemoveTargetById=932236;ARGS:nonce,\
     ctl:ruleRemoveTargetById=942450;ARGS:nonce,\
     ctl:ruleRemoveTargetById=932236;ARGS:ver,\
@@ -639,6 +637,17 @@ SecRule REQUEST_FILENAME "@rx /wp-admin/(?:admin|admin-ajax|edit|users)\.php$" \
     ctl:ruleRemoveTargetById=932236;ARGS_NAMES:ids,\
     ver:'wordpress-rule-exclusions-plugin/1.0.1'"
 
+# Managing users
+SecRule REQUEST_FILENAME "@endsWith /wp-admin/users.php" \
+    "id:9507602,\
+    phase:1,\
+    pass,\
+    t:none,\
+    nolog,\
+    ver:'wordpress-rule-exclusions-plugin/1.0.1',\
+    ctl:ruleRemoveTargetById=920273;ARGS_NAMES:users[0],\
+    ctl:ruleRemoveTargetById=942432;ARGS_NAMES:users[0]"
+
 #
 # [ Content editing ]
 #

From 4d405a541bcd30dfa1e5e182f26659385030b1c1 Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Fri, 29 Nov 2024 05:13:33 +1100
Subject: [PATCH 5/5] up

---
 plugins/wordpress-rule-exclusions-before.conf | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 097bd86..8825bcb 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -627,6 +627,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/user-new.php" \
             ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2"
 
 # The ID variable is used all over wordpress
+# Managing users
 SecRule REQUEST_FILENAME "@rx /wp-admin/(?:admin|admin-ajax|edit|users)\.php$" \
     "id:9507601,\
     phase:1,\
@@ -635,18 +636,9 @@ SecRule REQUEST_FILENAME "@rx /wp-admin/(?:admin|admin-ajax|edit|users)\.php$" \
     nolog,\
     ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
     ctl:ruleRemoveTargetById=932236;ARGS_NAMES:ids,\
-    ver:'wordpress-rule-exclusions-plugin/1.0.1'"
-
-# Managing users
-SecRule REQUEST_FILENAME "@endsWith /wp-admin/users.php" \
-    "id:9507602,\
-    phase:1,\
-    pass,\
-    t:none,\
-    nolog,\
-    ver:'wordpress-rule-exclusions-plugin/1.0.1',\
     ctl:ruleRemoveTargetById=920273;ARGS_NAMES:users[0],\
-    ctl:ruleRemoveTargetById=942432;ARGS_NAMES:users[0]"
+    ctl:ruleRemoveTargetById=942432;ARGS_NAMES:users[0],\
+    ver:'wordpress-rule-exclusions-plugin/1.0.1'"
 
 #
 # [ Content editing ]