31 lines
1.7 KiB
Plaintext
31 lines
1.7 KiB
Plaintext
# Ficheiro de Exceções do ModSecurity para o Nextcloud (ATUALIZADO)
|
|
|
|
# --------------------------------------------------------------------------
|
|
# Broad API & Extension Whitelist (User Request: "Liberate all APIs")
|
|
# --------------------------------------------------------------------------
|
|
# Allows /apps/, /ocs/ (Open Cloud Standard), and /remote.php (WebDAV)
|
|
# to ensure plugins and sync clients work without restriction.
|
|
SecRule REQUEST_URI "@rx ^/(index\.php/apps|apps|ocs|remote\.php)/" \
|
|
"id:10050,phase:1,pass,nolog,ctl:ruleEngine=Off"
|
|
|
|
# --------------------------------------------------------------------------
|
|
# Office Online (WOPI & Hosting)
|
|
# --------------------------------------------------------------------------
|
|
# Whitelist for Office Online server communication
|
|
SecRule REQUEST_URI "@rx ^/(hosting|op|we|wv|p|x|lo|m|o|browser)/" \
|
|
"id:10014,phase:1,pass,nolog,ctl:ruleEngine=Off"
|
|
|
|
# Proxy Whitelist for Office Online (Internal)
|
|
SecRule REMOTE_ADDR "@ipMatch 172.16.254.1" \
|
|
"id:10034,phase:1,pass,nolog,chain,msg:'WHITELIST: [Proxy 172.16.254.1] Office Online WOPI'"
|
|
SecRule REQUEST_URI "@beginsWith /index.php/apps/officeonline/wopi/files/" "ctl:ruleEngine=Off"
|
|
|
|
# --------------------------------------------------------------------------
|
|
# Specific Sync & Discovery (Legacy/Specific IDs reserved)
|
|
# --------------------------------------------------------------------------
|
|
SecRule REQUEST_URI "@streq /.well-known/caldav" "id:10002,phase:1,pass,nolog,ctl:ruleEngine=Off"
|
|
SecRule REQUEST_URI "@streq /.well-known/carddav" "id:10003,phase:1,pass,nolog,ctl:ruleEngine=Off"
|
|
|
|
# Preview Generator
|
|
SecRule REQUEST_URI "@beginsWith /index.php/core/preview" "id:10010,phase:1,pass,nolog,ctl:ruleRemoveById=9XXXXX"
|