I have a question about how to deal with whitelisting field arrays in ModSecurity. Currently I am doing the following:
... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group[0][pdc_faq_answer]"
... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group[1][pdc_faq_answer]"
... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group[2][pdc_faq_answer]"
... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group[3][pdc_faq_answer]"
Now for WP there is a limited amount of items. But another application has near unlimited fields. As far as I have found there is no way to use regex for the target parameter. I also don't believe it's possible to cut the field parameter short as there is no wildcard at the end of the field.
This won't work for the examples above:
... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group"
... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group*"
I don't want to drop the field parameter if I don't have to. I would love to hear any suggestions you may have.