For the Apache Users on the forum, and people generally interested in this sort of thing:
ModSecurity is a Web Application Firewall for Apache. There is a Core Rule Set (CRS) included in the repos for generic nastiness detection, however you may find that you get lots of false positives.
Therefore, it is necessary to write yourself a whitelist file, which is an absolute PITA to do manually because there are so many false positives. I tried myself, spent a few hours doing it, and then thought it was about time I brushed up on my BASH skills.
So, here is the result of my labour: a script that will take your Apache error logs and use them to produce a whitelist file, based on the principle that errors caused by requests from a specified set of IP addresses are false positives, and should therefore be whitelisted.
You can define which locations you want to group into LocationMatch statements. If you don't specify any, a LocationMatch statement will be produced for each and every URI where a friendly user tripped a rule.
The defaults here are for a site running Wordpress and Webalizer, but you can use the same script to make a separate whitelist for each VirtualHost, and then load each one like this:
The script:
Sample terminal output:
Sample whitelist file:
I need to write one more step to remove the empty LocationMatch statements just so the whitelist file looks cleaner, but other than that it works great.
I hope someone finds it useful/interesting!
If I've done silly, inefficient things with BASH (undoubtedly so) then please post your suggestions for improvements.
Feathers
ModSecurity is a Web Application Firewall for Apache. There is a Core Rule Set (CRS) included in the repos for generic nastiness detection, however you may find that you get lots of false positives.
Therefore, it is necessary to write yourself a whitelist file, which is an absolute PITA to do manually because there are so many false positives. I tried myself, spent a few hours doing it, and then thought it was about time I brushed up on my BASH skills.
So, here is the result of my labour: a script that will take your Apache error logs and use them to produce a whitelist file, based on the principle that errors caused by requests from a specified set of IP addresses are false positives, and should therefore be whitelisted.
You can define which locations you want to group into LocationMatch statements. If you don't specify any, a LocationMatch statement will be produced for each and every URI where a friendly user tripped a rule.
The defaults here are for a site running Wordpress and Webalizer, but you can use the same script to make a separate whitelist for each VirtualHost, and then load each one like this:
Code:
<VirtualHost *:80> ServerName foo.com Include /etc/modsecurity/whitelists/foo.conf </VirtualHost> <VirtualHost *:80> ServerName bar.com Include /etc/modsecurity/whitelists/bar.conf </VirtualHost>
Code:
#! /bin/bash
#
# This is the ModSecurity CRS Whitelist Generator Script version 12/03/2014
# Not affiliated with the Modsecurity project or the CRS
# Script by Sam Hobbs http://www.samhobbs.co.uk
# Licence: public domain
# Please let me know how you get on so that I can make improvements: leave a
# comment on my blog or email me at: sam at samhobbs dot co dot uk
# Every installation of Apache with Modsecurity will probably have false positives.
# This script aims to make writing a whitelist file quicker than doing it manually.
# Required input is as many error logs as you have available from the relevant virutalhost,
# with modsecurity set to detect only and all of the CRS enabled
#===================================== USER INPUT =========================================#
# This script works by assuming that all traffic from a friendly IP address is legitimate
# and that the resulting errors are false positives.
# Define one or more friendly IP address, separating each IP with a space. If you are
# hosting at home, a good choice is your router's LAN IP address, since your server sees
# all traffic from your LAN as originating here.
# You might also like to add IP addresses of users you know weren't abusing the site, for
# example people who left legitimate comments. Wordpress tells you the IP address used to
# post each comment on the comment moderation GUI.
FRIENDLY_IP="192.168.1.1"
# Define a list of special locations. The matching process uses regex. A LocationMatch
# statement will be created for each one of these locations, which will be populated with
# rule IDs for all the locations that match that regex. Leave a space between each location
# that you enter.
# There is no need to start each location with "^"; the script adds the character for you.
# If you don't end the location with a "$" then the script will automatically add an
# asterisk to the end of the location in the LocationMatch statement so that it will match
# all files beginning with that path, i.e.
# <LocationMatch "^/wordpress/wp-admin/*"> matches /wordpress/wp-admin/wp-login.php, but
# <LocationMatch "^/wordpress/wp-admin/$"> does not.
SPECIAL_LOCATIONS="/webalizer /20[0-9][0-9]/[0-9][0-9] /wordpress/wp-content/uploads/20[0-9][0-9]/[0-9][0-9] /wordpress/wp-content/plugins/akismet /wordpress/wp-content/plugins/syntaxhighlighter /wordpress/wp-content/plugins/jquery-collapse-o-matic /wordpress/wp-includes/js/ /wordpress/wp-includes/css /wordpress/wp-includes/images /wordpress/wp-content/themes/twentyfourteen /wordpress/wp-admin/$"
# Define directory holding the Apache error log files to be processed
LOG_DIR=~/error
# Define directory for output files:
OUTPUT_DIR=~/modsec-whitelist
#===================================== KNOWN BUGS =========================================#
# SecRuleRemoveById 891143 doesn't work. From what I can tell, this is a ModSecurity bug,
# not a problem with the script; other users have had the same problem:
# http://lists.roundcube.net/pipermail/users/2011-October.txt
#==================================== HOUSEKEEPING ========================================#
# Script version
VERSION="12/03/2014"
# Create the output directory if it doesn't exist:
if [ ! -d $OUTPUT_DIR ]
then
mkdir $OUTPUT_DIR
echo "Output directory has been created at $OUTPUT_DIR"
echo ""
fi
# Delete the previous output files if they exist
if [ -d $OUTPUT_DIR ]
then
echo -n "Old output files detected, deleting..."
rm $OUTPUT_DIR/*
echo "...done"
echo ""
fi
# Some files:
COMBINED_LOG=$OUTPUT_DIR/combined_log
PROBLEM_LOCATIONS=$OUTPUT_DIR/problem_locations
ROOT_LOG=$OUTPUT_DIR/root_log
PROBLEM_LOCATIONS_REMAINING=$OUTPUT_DIR/problem_locations_remaining
ROOT_IDS=$OUTPUT_DIR/root_ids
GROUPED_LOCATIONS=$OUTPUT_DIR/grouped_locations
WHITELIST_FILE=$OUTPUT_DIR/whitelist
# Rules tripped on the root domain will be added as generic exceptions for the whole virtualhost:
echo "Rules tripped on the root domain will be added as generic exceptions for the whole virtualhost"
echo ""
echo "In addition to this, you have selected the following special locations to be grouped into whitelist statements"
for variable in $SPECIAL_LOCATIONS; do
echo "> $variable";
done
echo ""
# Perform work in temorary files
TEMPFILE1=$(mktemp)
TEMPFILE2=$(mktemp)
TEMPFILE3=$(mktemp)
TEMPFILE4=$(mktemp)
#==================================== LOG PROCESSING ======================================#
# Read all files in the log file directory and combine them into one long file:
echo "Processing error logs..."
for f in $LOG_DIR/*; do
if [[ "$f" =~ \.gz$ ]]; then
echo "> reading $f"
zcat $f >> $TEMPFILE1
elif [[ "$f" =~ \.log ]]; then
echo "> reading $f"
cat $f >> $TEMPFILE1
else
echo "File $f not recognised as a log file, skipping"
fi
done
echo ""
echo "Converting logs into a useful format:"
# Remove any log entries from the file that are not generated by ModSecurity
echo -n "> Removing entries that were not generated by ModSecurity..."
grep ModSecurity $TEMPFILE1 > $TEMPFILE2
echo "...done."
#echo ""
# Remove log entries from traffic that is not from friendly IP addresses
echo -n "> Removing errors that were not from friendly IP addresses..."
for ip in $FRIENDLY_IP; do
grep "client $ip" $TEMPFILE2 >> $TEMPFILE4
done
echo "...done."
#echo ""
# Write combined log file:
echo -n "> Generating combined log file..."
cp $TEMPFILE4 $COMBINED_LOG
echo "...done ($COMBINED_LOG)."
#echo ""
# Filter out rules that match the root regex:
echo -n "> Separating entries that match the root location"
cat $COMBINED_LOG | grep uri.\"/\" > $ROOT_LOG
echo "...done ($ROOT_LOG)."
echo ""
# Now generate a list of locations with problems:
echo -n "Generating a list of all problem locations"
awk ' { print $(NF-2) }' $COMBINED_LOG | cut -d '"' -f 2 | sort | uniq > $PROBLEM_LOCATIONS
echo "...done ($PROBLEM_LOCATIONS)."
echo ""
#==================================== WHITELIST HEADER ====================================#
echo "# This file was created using the ModSecurity CRS Whitelist Generator script, version $VERSION" >> $WHITELIST_FILE
echo "# Save this file to /etc/modsecurity/modsecurity-whitelist and symlink it into the relevant" >>$WHITELIST_FILE
echo "# VirtualHost configuration with \"Include /etc/modsecurity/modsecurity-whitelist\"" >> $WHITELIST_FILE
echo "# See http://www.samhobbs.co.uk for more information" >> $WHITELIST_FILE
echo "" >> $WHITELIST_FILE
echo "" >> $WHITELIST_FILE
#==================================== MATCH EVERYWHERE ====================================#
# Rule matches for the site's root will be whitelisted for the whole site:
echo "Now working on rules to whitelist everywhere"
# Generate a list of IDs that match the root regex
echo -n "> Generating a list of rule IDs for the root location"
echo "##" > $ROOT_IDS
cat $ROOT_LOG | grep -o 'id \"......\"' | cut -d '"' -f 2 | sort -u >> $ROOT_IDS
echo "...done."
echo -n "> Writing LocationMatch statement to whitelist file..."
cat $ROOT_IDS | while read line; do sed 's/^/SecRuleRemoveById /'>> $WHITELIST_FILE; done
echo "" >> $WHITELIST_FILE
echo "...done."
echo ""
#=================================== SPECIAL LOCATIONS ====================================#
COUNT=1
for LOCATION in $SPECIAL_LOCATIONS; do
echo "Now working on the following location: $LOCATION"
# Generate a list of problem locations for $LOCATION
echo -n "> Generating a list of matching locations"
eval "echo "$OUTPUT_DIR/location_${COUNT}" >/dev/null"
TEMPLOCATION="$OUTPUT_DIR/location_${COUNT}"
cat $PROBLEM_LOCATIONS | grep "^$LOCATION" >> $TEMPLOCATION
echo "...done."
# Generate list of rule IDs for $LOCATION
echo -n "> Generating a list of rule IDs for this location"
echo "#" > $TEMPFILE3 # just to clear tempfile3
cat $TEMPLOCATION | while read LINE; do
grep $LINE $COMBINED_LOG | grep -o 'id \"......\"' | cut -d '"' -f 2 >> $TEMPFILE3
done
eval "echo "$OUTPUT_DIR/id_${COUNT}" >/dev/null"
TEMPIDFILE="$OUTPUT_DIR/id_${COUNT}"
cat $TEMPFILE3 | sort -u | grep -vxF -f $ROOT_IDS > $TEMPIDFILE
echo "...done."
let COUNT=COUNT+1
# Add $LOCATION to whitelist file
echo -n "> Writing LocationMatch statement to whitelist file"
# If defined location ends in $ don't add *, if not then do add a *
if [[ "$LOCATION" =~ \$$ ]]; then
echo "<LocationMatch \"^$LOCATION\">" >> $WHITELIST_FILE
else
echo "<LocationMatch \"^$LOCATION*\">" >> $WHITELIST_FILE
fi
cat $TEMPIDFILE | while read line; do sed 's/^/SecRuleRemoveById /'>> $WHITELIST_FILE; done
echo "</LocationMatch>" >> $WHITELIST_FILE
echo "" >> $WHITELIST_FILE
echo "...done."
echo ""
done
#================================ REMAINING LOCATIONS LIST ================================#
# Generate a list of all locations that are covered by the group statements
echo -n "Find locations already covered by the group statements"
for file in $OUTPUT_DIR/*; do
if [[ "$file" =~ location_[0-9] ]]; then
cat $file >> $GROUPED_LOCATIONS
fi
done
echo "...done ($GROUPED_LOCATIONS)."
# Now remove those locations from the master list of problem locations to leave a list of remaining problem locations. Also remove root, since this is dealt with separately.
echo -n "Remove these locations from the master list"
grep -vxF -f $GROUPED_LOCATIONS $PROBLEM_LOCATIONS | grep -v ^/$ > $PROBLEM_LOCATIONS_REMAINING
echo "...done ($PROBLEM_LOCATIONS_REMAINING)."
#================================== REMAINING LOCATIONS ===================================#
# Now write the remaining locations to the whitelist file
echo -n "Now writing the remaining problem locations to the whitelist file"
cat $PROBLEM_LOCATIONS_REMAINING | while read line; do
# since some of these are .php scripts, .php?foo=bar needs to match, so don't add $
echo "<LocationMatch \"^$line\">" >> $WHITELIST_FILE
grep $line $COMBINED_LOG | grep -o 'id \"......\"' | cut -d '"' -f 2 | sort -u | grep -vxF -f $ROOT_IDS | sed 's/^/SecRuleRemoveById /'>> $WHITELIST_FILE
echo "</LocationMatch>" >> $WHITELIST_FILE
echo "" >> $WHITELIST_FILE
done
echo "...done."
echo ""
echo "Your whitelist file has been created at $WHITELIST_FILE"
echo ""
#====================================== CLEAN UP ==========================================#
# Clean up temporary files
echo -n "Cleaning up..."
rm -f $TEMPFILE1 $TEMPFILE2 $TEMPFILE3 $TEMPFILE4
echo "...done"
Code:
feathers-mcgraw@Hobbs-T440s:~$ generate-modsec-whitelist.shOld output files detected, deleting......done Rules tripped on the root domain will be added as generic exceptions for the whole virtualhost In addition to this, you have selected the following special locations to be grouped into whitelist statements > /webalizer > /20[0-9][0-9]/[0-9][0-9] > /wordpress/wp-content/uploads/20[0-9][0-9]/[0-9][0-9] > /wordpress/wp-content/plugins/akismet > /wordpress/wp-content/plugins/syntaxhighlighter > /wordpress/wp-content/plugins/jquery-collapse-o-matic > /wordpress/wp-includes/js/ > /wordpress/wp-includes/css > /wordpress/wp-includes/images > /wordpress/wp-content/themes/twentyfourteen > /wordpress/wp-admin/$ Processing error logs... > reading /home/feathers-mcgraw/error/error.log > reading /home/feathers-mcgraw/error/error.log.1 > reading /home/feathers-mcgraw/error/error.log.10.gz > reading /home/feathers-mcgraw/error/error.log.11.gz > reading /home/feathers-mcgraw/error/error.log.12.gz > reading /home/feathers-mcgraw/error/error.log.13.gz > reading /home/feathers-mcgraw/error/error.log.14.gz > reading /home/feathers-mcgraw/error/error.log.15.gz > reading /home/feathers-mcgraw/error/error.log.16.gz > reading /home/feathers-mcgraw/error/error.log.17.gz > reading /home/feathers-mcgraw/error/error.log.18.gz > reading /home/feathers-mcgraw/error/error.log.19.gz > reading /home/feathers-mcgraw/error/error.log.20.gz > reading /home/feathers-mcgraw/error/error.log.21.gz > reading /home/feathers-mcgraw/error/error.log.22.gz > reading /home/feathers-mcgraw/error/error.log.23.gz > reading /home/feathers-mcgraw/error/error.log.2.gz > reading /home/feathers-mcgraw/error/error.log.3.gz > reading /home/feathers-mcgraw/error/error.log.4.gz > reading /home/feathers-mcgraw/error/error.log.5.gz > reading /home/feathers-mcgraw/error/error.log.6.gz > reading /home/feathers-mcgraw/error/error.log.7.gz > reading /home/feathers-mcgraw/error/error.log.8.gz > reading /home/feathers-mcgraw/error/error.log.9.gz Converting logs into a useful format: > Removing entries that were not generated by ModSecurity......done. > Removing errors that were not from friendly IP addresses......done. > Generating combined log file......done (/home/feathers-mcgraw/modsec-whitelist/combined_log). > Separating entries that match the root location...done (/home/feathers-mcgraw/modsec-whitelist/root_log). Generating a list of all problem locations...done (/home/feathers-mcgraw/modsec-whitelist/problem_locations). Now working on rules to whitelist everywhere > Generating a list of rule IDs for the root location...done. > Writing LocationMatch statement to whitelist file......done. Now working on the following location: /webalizer > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Now working on the following location: /20[0-9][0-9]/[0-9][0-9] > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Now working on the following location: /wordpress/wp-content/uploads/20[0-9][0-9]/[0-9][0-9] > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Now working on the following location: /wordpress/wp-content/plugins/akismet > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Now working on the following location: /wordpress/wp-content/plugins/syntaxhighlighter > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Now working on the following location: /wordpress/wp-content/plugins/jquery-collapse-o-matic > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Now working on the following location: /wordpress/wp-includes/js/ > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Now working on the following location: /wordpress/wp-includes/css > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Now working on the following location: /wordpress/wp-includes/images > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Now working on the following location: /wordpress/wp-content/themes/twentyfourteen > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Now working on the following location: /wordpress/wp-admin/$ > Generating a list of matching locations...done. > Generating a list of rule IDs for this location...done. > Writing LocationMatch statement to whitelist file...done. Find locations already covered by the group statements...done (/home/feathers-mcgraw/modsec-whitelist/grouped_locations). Remove these locations from the master list...done (/home/feathers-mcgraw/modsec-whitelist/problem_locations_remaining). Now writing the remaining problem locations to the whitelist file...done. Your whitelist file has been created at /home/feathers-mcgraw/modsec-whitelist/whitelist Cleaning up......done
Code:
# This file was created using the ModSecurity CRS Whitelist Generator script, version 11/03/2014 # Save this file to /etc/modsecurity/modsecurity-whitelist and symlink it into the relevant # VirtualHost configuration with "Include /etc/modsecurity/modsecurity-whitelist" # See http://www.samhobbs.co.uk for more information SecRuleRemoveById 950901 SecRuleRemoveById 960032 SecRuleRemoveById 960034 SecRuleRemoveById 981143 <LocationMatch "^/webalizer*"> SecRuleRemoveById 970002 SecRuleRemoveById 981205 SecRuleRemoveById 981220 SecRuleRemoveById 981222 </LocationMatch> <LocationMatch "^/20[0-9][0-9]/[0-9][0-9]*"> SecRuleRemoveById 960015 </LocationMatch> <LocationMatch "^/wordpress/wp-content/uploads/20[0-9][0-9]/[0-9][0-9]*"> SecRuleRemoveById 960015 SecRuleRemoveById 981172 </LocationMatch> <LocationMatch "^/wordpress/wp-content/plugins/akismet*"> SecRuleRemoveById 981172 SecRuleRemoveById 981405 </LocationMatch> <LocationMatch "^/wordpress/wp-content/plugins/syntaxhighlighter*"> SecRuleRemoveById 981405 </LocationMatch> <LocationMatch "^/wordpress/wp-content/plugins/jquery-collapse-o-matic*"> SecRuleRemoveById 981172 SecRuleRemoveById 981405 </LocationMatch> <LocationMatch "^/wordpress/wp-includes/js/*"> SecRuleRemoveById 981172 SecRuleRemoveById 981405 </LocationMatch> <LocationMatch "^/wordpress/wp-includes/css*"> SecRuleRemoveById 981172 SecRuleRemoveById 981405 </LocationMatch> <LocationMatch "^/wordpress/wp-includes/images*"> SecRuleRemoveById 981172 </LocationMatch> <LocationMatch "^/wordpress/wp-content/themes/twentyfourteen*"> SecRuleRemoveById 981172 SecRuleRemoveById 981401 SecRuleRemoveById 981405 SecRuleRemoveById 981407 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/$"> SecRuleRemoveById 950018 SecRuleRemoveById 950119 SecRuleRemoveById 950922 SecRuleRemoveById 960010 SecRuleRemoveById 960024 SecRuleRemoveById 970003 SecRuleRemoveById 973334 SecRuleRemoveById 981172 SecRuleRemoveById 981173 SecRuleRemoveById 981184 SecRuleRemoveById 981185 SecRuleRemoveById 981224 SecRuleRemoveById 981240 SecRuleRemoveById 981243 SecRuleRemoveById 981257 </LocationMatch> <LocationMatch "^/about-me/"> </LocationMatch> <LocationMatch "^/category/mail-server/"> </LocationMatch> <LocationMatch "^/category/raspberry-pi/"> </LocationMatch> <LocationMatch "^/category/raspberry-pi/page/2/"> </LocationMatch> <LocationMatch "^/diy-raspberry-pi-webserver/"> SecRuleRemoveById 960015 </LocationMatch> <LocationMatch "^/favicon.ico"> </LocationMatch> <LocationMatch "^/index.php"> SecRuleRemoveById 981172 SecRuleRemoveById 981184 SecRuleRemoveById 981185 SecRuleRemoveById 981240 SecRuleRemoveById 981405 </LocationMatch> <LocationMatch "^/raspberry-pi-email-server/"> SecRuleRemoveById 960015 </LocationMatch> <LocationMatch "^/tutorials/"> </LocationMatch> <LocationMatch "^/tutorials/page/2/"> </LocationMatch> <LocationMatch "^/wordpress/wp-admin/admin-ajax.php"> SecRuleRemoveById 960010 SecRuleRemoveById 960024 SecRuleRemoveById 973334 SecRuleRemoveById 981172 SecRuleRemoveById 981173 SecRuleRemoveById 981224 SecRuleRemoveById 981240 SecRuleRemoveById 981243 SecRuleRemoveById 981257 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/async-upload.php"> </LocationMatch> <LocationMatch "^/wordpress/wp-admin/comment.php"> SecRuleRemoveById 981172 SecRuleRemoveById 981173 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/css/colors.min.css"> SecRuleRemoveById 981172 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/css/wp-admin.min.css"> </LocationMatch> <LocationMatch "^/wordpress/wp-admin/edit-comments.php"> SecRuleRemoveById 950922 SecRuleRemoveById 970003 SecRuleRemoveById 981172 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/images/spinner-2x.gif"> SecRuleRemoveById 981172 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/images/wordpress-logo.svg"> </LocationMatch> <LocationMatch "^/wordpress/wp-admin/index.php"> SecRuleRemoveById 981172 SecRuleRemoveById 981184 SecRuleRemoveById 981185 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/load-scripts.php"> SecRuleRemoveById 981172 SecRuleRemoveById 981173 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/load-styles.php"> SecRuleRemoveById 981172 SecRuleRemoveById 981173 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/plugin-install.php"> SecRuleRemoveById 970003 SecRuleRemoveById 981172 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/plugins.php"> SecRuleRemoveById 981172 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/post-new.php"> SecRuleRemoveById 981172 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/post.php"> SecRuleRemoveById 950018 SecRuleRemoveById 950119 SecRuleRemoveById 960010 SecRuleRemoveById 981172 SecRuleRemoveById 981184 SecRuleRemoveById 981185 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/update-core.php"> SecRuleRemoveById 981172 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-admin/update.php"> SecRuleRemoveById 981172 SecRuleRemoveById 981173 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-comments-post.php"> SecRuleRemoveById 959072 SecRuleRemoveById 960010 SecRuleRemoveById 960024 SecRuleRemoveById 981172 SecRuleRemoveById 981173 SecRuleRemoveById 981184 SecRuleRemoveById 981240 </LocationMatch> <LocationMatch "^/wordpress/wp-content/plugins/better-wp-security/images/shield-small.png"> SecRuleRemoveById 981172 </LocationMatch> <LocationMatch "^/wordpress/wp-cron.php"> SecRuleRemoveById 960015 SecRuleRemoveById 981220 SecRuleRemoveById 981222 SecRuleRemoveById 981405 </LocationMatch> <LocationMatch "^/wordpress/wp-login.php"> SecRuleRemoveById 960010 SecRuleRemoveById 981173 SecRuleRemoveById 981184 SecRuleRemoveById 981185 SecRuleRemoveById 981240 </LocationMatch>
I hope someone finds it useful/interesting!
If I've done silly, inefficient things with BASH (undoubtedly so) then please post your suggestions for improvements.
Feathers
Comment