# ModSecurity exception file for Zabbix (UPDATED)

# --------------------------------------------------------------------------
# Zabbix Web Interface Protection
# --------------------------------------------------------------------------
# REMOVED: zabbix.php whitelist. The UI should be protected by WAF.
# REMOVED: api_jsonrpc.php whitelist. This should only be accessed via VPN
# (covered by Global Internal Network rule 10000).
# NOTE(review): rule 10000 is not defined in this file, so its source-network
# scope cannot be checked from here -- confirm it before relying on it.

# --------------------------------------------------------------------------
# Dashboard Noise Reduction
# --------------------------------------------------------------------------
# Allows jsrpc.php which handles some background AJAX for the dashboard.
# If this causes security concerns, it can be removed, but usually generates false positives.
#
# NOTE(review): REQUEST_URI includes the query string, so "@streq /jsrpc.php"
# only matches a request for exactly that URI with no query string. The path
# also lacks the /zabbix prefix used by rule 10005 below -- confirm which path
# the frontend is actually served under.
# NOTE(review): ctl:ruleEngine=Off turns the engine off for the rest of the
# transaction, so every rule is skipped for a matching request, not only the
# ones producing false positives. With nolog, the match of this rule itself
# leaves no log entry. A narrower exclusion (ctl:ruleRemoveById or
# ctl:ruleRemoveTargetById for the specific rule IDs seen in the audit log)
# keeps the rest of the rule set active on this endpoint.
SecRule REQUEST_URI "@streq /jsrpc.php" \
    "id:10004,phase:1,pass,nolog,ctl:ruleEngine=Off"

# --------------------------------------------------------------------------
# Host Discovery
# --------------------------------------------------------------------------
# Removes two individual rules for requests to the host discovery page; all
# other rules stay active for these requests.
#
# NOTE(review): 9XXXXX and 9YYYYY are placeholders, not rule IDs. Replace them
# with the IDs of the rules that actually fire (taken from the audit log)
# before deploying; until then this exclusion cannot do what it is meant to.
# NOTE(review): @beginsWith on REQUEST_URI is a prefix match, so any URI that
# merely starts with this string is covered as well. Matching REQUEST_FILENAME
# with @streq would limit the exclusion to this one script.
SecRule REQUEST_URI "@beginsWith /zabbix/host_discovery.php" \
    "id:10005,phase:1,pass,nolog,ctl:ruleRemoveById=9XXXXX,ctl:ruleRemoveById=9YYYYY"