diff --git a/nginx/modsecurity/global-exceptions.conf b/nginx/modsecurity/global-exceptions.conf
index 10bf906..c6c9337 100644
--- a/nginx/modsecurity/global-exceptions.conf
+++ b/nginx/modsecurity/global-exceptions.conf
@@ -11,12 +11,6 @@
 SecRule REQUEST_URI "@beginsWith /remote.php" "id:10001,phase:1,nolog,pass,ctl:ruleEngine=Off"
 SecRule REQUEST_URI "@streq /.well-known/caldav" "id:10002,phase:1,nolog,pass,ctl:ruleEngine=Off"
 SecRule REQUEST_URI "@streq /.well-known/carddav" "id:10003,phase:1,nolog,pass,ctl:ruleEngine=Off"
-SecRule REQUEST_URI "@beginsWith /ocs/v2.php/apps/user_status/api/v1/heartbeat" \
- "id:1001,phase:2,pass,nolog,ctl:ruleRemoveById=942100,msg:'TUNING: Falso-positivo de SQLi (942100) removido para a API de heartbeat'"
-SecRule REQUEST_URI "@beginsWith /ocs/v2.php/apps/user_status/api/v1/heartbeat" \
- "id:1001,phase:2,pass,nolog,ctl:ruleRemoveById=920350,msg:'TUNING: Falso-positivo (920350) removido para a API de heartbeat'"
-SecRule REQUEST_URI "@beginsWith /apps/files/api/v1/config/sort_favorites_first" \
- "id:1002,phase:2,pass,nolog,ctl:ruleRemoveById=920420,msg:'TUNING: Falso-positivo de decodificacao (920420) removido para a API de config'"
 # --------------------------------------------------------------------------
 # Exceções para o Zabbix
 # --------------------------------------------------------------------------
@@ -97,3 +91,10 @@ SecRule REQUEST_URI "@beginsWith /ocs/v2.php/apps/external/api/v1/sites" "id:100
 # Exceção para os ícones da app "sites externos". Bloqueava requisições DELETE.
 SecRule REQUEST_URI "@beginsWith /apps/external/icons" "id:10018,phase:1,pass,nolog,ctl:ruleEngine=Off"
 # ==========================================================================================
+SecRule REQUEST_URI "@rx ^/(ocs/v2\.php/apps/user_status/api/v1/heartbeat|apps/files/api/v1/config/(sort_favorites_first|show_hidden|grid_view|folder_tree|sort_folders_first|crop_image_previews))" \
+ "id:10022, \
+ phase:1, \
+ pass, \
+ nolog, \
+ ctl:ruleEngine=Off, \
+ msg:'TUNING: ModSecurity desativado para APIs de configuracao de UI do Nextcloud'"
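Review bot: Rule 10022 switches the whole engine off (`ctl:ruleEngine=Off`) for the heartbeat and files-config endpoints, whereas the rules it replaces only dropped the three checks that were actually false-positiving (942100, 920350, 920420); every other CRS rule is now skipped on those request bodies and, combined with `nolog`, nothing is recorded for them. The match is also an unanchored prefix on REQUEST_URI, so any request whose URI merely begins with one of these paths (extra path segments, any query string) inherits the bypass. Prefer keying on REQUEST_FILENAME (which excludes the query string) with an end anchor and keeping the exclusions targeted, e.g. `SecRule REQUEST_FILENAME "@rx ^/(ocs/v2\.php/apps/user_status/api/v1/heartbeat|apps/files/api/v1/config/(sort_favorites_first|show_hidden|grid_view|folder_tree|sort_folders_first|crop_image_previews))$" \` followed by `"id:10022,phase:1,pass,nolog,ctl:ruleRemoveById=920350,ctl:ruleRemoveById=920420,ctl:ruleRemoveTargetById=942100;ARGS"`. Whether the newly added config endpoints (show_hidden, grid_view, …) trip only 920420 or other rules as well is not visible in this diff, so confirm that set against the audit log before narrowing.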