diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 717c0be..5823177 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -2,5 +2,6 @@
 
 - [Ervin Hegedus](https://github.com/airween)
 - [Walter Hop](https://github.com/lifeforms)
+- [Max Leske](https://github.com/theseion)
 - [Jozef Sudolský](https://github.com/azurit)
 - [Felipe Zipitría](https://github.com/fzipi)
diff --git a/plugins/phpmyadmin-rule-exclusions-before.conf b/plugins/phpmyadmin-rule-exclusions-before.conf
index 558e638..e8c0863 100644
--- a/plugins/phpmyadmin-rule-exclusions-before.conf
+++ b/plugins/phpmyadmin-rule-exclusions-before.conf
@@ -16,6 +16,10 @@
 # Documentation can be found here:
 # https://github.com/coreruleset/phpmyadmin-rule-exclusions-plugin
 
+# Generic rule to disable plugin
+SecRule TX:phpmyadmin-rule-exclusions-plugin_enabled "@eq 0" "id:9513099,phase:1,pass,nolog,ctl:ruleRemoveById=9513100-9513999"
+
+
 # Editing / copying a row - loading row data
 SecRule REQUEST_FILENAME "@endsWith /tbl_change.php" \
 "id:9513100,\
diff --git a/plugins/phpmyadmin-rule-exclusions-config.conf b/plugins/phpmyadmin-rule-exclusions-config.conf
new file mode 100644
index 0000000..65b0d79
--- /dev/null
+++ b/plugins/phpmyadmin-rule-exclusions-config.conf
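Review bot: The comment above rule 9513099 in plugins/phpmyadmin-rule-exclusions-before.conf does not state the two ordering conditions the switch depends on: `ctl:ruleRemoveById` acts only on rules evaluated after it within the same transaction, and `tx.phpmyadmin-rule-exclusions-plugin_enabled` has to be set in phase 1 before this line is reached. I would extend it to `# Generic rule to disable plugin. Keep this rule above 9513100; the variable must be set in phase 1 before this file is loaded.` Since the rules in this range are, going by the plugin name, exclusions, it is also worth saying that setting the variable to 0 restores normal CRS inspection of phpMyAdmin requests rather than relaxing it. Rule 9513100 at the end of the hunk continues outside it.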
@@ -0,0 +1,43 @@
+# ------------------------------------------------------------------------
+# OWASP ModSecurity Core Rule Set Plugin
+# Copyright (c) 2021-2022 Core Rule Set project. All rights reserved.
+#
+# The OWASP ModSecurity Core Rule Set plugins are distributed under
+# Apache Software License (ASL) version 2
+# Please see the enclosed LICENSE file for full details.
+# ------------------------------------------------------------------------
+
+# OWASP CRS Plugin
+# Plugin name: phpmyadmin-rule-exclusions
+# Plugin description:
+# Rule ID block base: 9,513,000 - 9,513,999
+# Plugin version: 1.0.0
+
+# Documentation can be found here:
+# https://github.com/coreruleset/phpmyadmin-rule-exclusions-plugin
+
+# Generic rule to disable the plugin
+#
+# Plugins are enabled by default.
+#
+# They become active by placing them in the plugin folder. It is possible to
+# control plugin activation via setting a variable. This can be done in the
+# plugin config file here.
+#
+# The predefined variable name is meant to be "-plugin_enabled".
+# For the phpmyadmin-rule-exclusions-plugin, this means it can be disabled by setting
+# tx.phpmyadmin-rule-exclusions-plugin_enabled=0.
+#
+# Note that a global setting of this variable overrides the setting here.
+# That means the "enabled" variable is only set by this rule if it has not
+# been set before.
+#
+# Feel free to set the variable unconditionally here by replacing the
+# SecRule line with an unconditional SecAction statement.
+#
+#SecRule &TX:phpmyadmin-rule-exclusions-plugin_enabled "@eq 0" \
+# "id:9513010,\
+# phase:1,\
+# pass,\
+# nolog,\
+# setvar:'tx.phpmyadmin-rule-exclusions-plugin_enabled=0'"
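Review bot: The header of the new config file leaves `# Plugin description:` empty, and the sentence on the variable name reads `"-plugin_enabled"`, which as shown names no prefix; a placeholder such as `"<plugin name>-plugin_enabled"` appears to be missing. A description along the lines of `# Plugin description: CRS rule exclusions for phpMyAdmin` would tell an operator what is being switched. Every line of the file is a comment, so loading it changes nothing until the SecRule is uncommented, and uncommenting it as written sets the variable to 0, which turns the exclusions off for any transaction where it was not already set. The comment block should say that explicitly, so the example is not mistaken for the way to enable the plugin.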