diff --git a/nginx/modsecurity/global-exceptions.conf b/nginx/modsecurity/global-exceptions.conf
index 012a277..af5aaca 100644
--- a/nginx/modsecurity/global-exceptions.conf
+++ b/nginx/modsecurity/global-exceptions.conf
@@ -11,6 +11,13 @@
 SecRule REQUEST_URI "@beginsWith /remote.php" "id:10001,phase:1,nolog,pass,ctl:ruleEngine=Off"
 SecRule REQUEST_URI "@streq /.well-known/caldav" "id:10002,phase:1,nolog,pass,ctl:ruleEngine=Off"
 SecRule REQUEST_URI "@streq /.well-known/carddav" "id:10003,phase:1,nolog,pass,ctl:ruleEngine=Off"
+SecRule REQUEST_URI "@beginsWith /ocs/v2.php/apps/user_status/api/v1/heartbeat" \
+ "id:1001, \
+ phase:2, \
+ pass, \
+ nolog, \
+ ctl:ruleRemoveById=942100, \
+ msg:'TUNING: Falso-positivo de SQLi (942100) removido para a API de heartbeat'"
 # --------------------------------------------------------------------------
 # Exceções para o Zabbix
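Review bot: The new exclusion is wider than the heartbeat false positive needs: `@beginsWith` on `REQUEST_URI` also matches any longer path or query string starting with that prefix, and `ctl:ruleRemoveById=942100` switches the SQLi rule off for every parameter of those requests. Matching the path exactly with `SecRule REQUEST_FILENAME "@streq /ocs/v2.php/apps/user_status/api/v1/heartbeat"` and, once the audit log shows which field triggers the rule, narrowing the action to `ctl:ruleRemoveTargetById=942100;ARGS:<field>` (placeholder name) would keep 942100 active everywhere else. The rule also uses `id:1001` and `phase:2` while its neighbours are `10001`–`10003` in `phase:1`; if `1001` is not deliberate, `id:10004` keeps the sequence and avoids a possible duplicate-id clash, and the exclusion only takes effect if it runs before 942100, which depends on an include order not visible in this hunk. Because of `nolog` the `msg` text is presumably never written anywhere, so a comment line above the rule would be the more reliable place to record why the exclusion exists.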