I am very new to mod-security, and have been struggling quite a bit with rule exclusions that are beyond the scope of examples shown in this tutorial from Linuxbabe.com. I am running a Wordpress LEMP Server, and my issue is specific to getting the iOS Wordpress app working properly, without mod-security interpreting posts from the iOS Wordpress app as attacks. Also, note, I am using the OSWAP ruleset with mod-security.
The core issues I am having with my wordpress app, are that when turning plugin's on and off from the iOS app, mod-security denies that action. The second (and more important) issue I am having with the iOS app is making (photo) blog posts from the iOS app. Specifically I am having trouble making posts that have a single picture, or a picture gallery in the iOS app.
Initially, the iOS app would not let me make any posts whatsoever, including plain text posts. As of now, I have managed to create a rule exclusion to allow plain text posts, however, that is as far as I have gotten, and any other attempts to unblock (with rule exclusions) picture uploads and gallery posts containing photos, have been a failure. Furthermore any attempts to unblock plugin deactivation and activation from the iOS Wordpress app have also been a failure.
Hopefully a mod-security Pro can read my logs and help me create the proper rule exclusions to get my iOS app fully working while running mod-security on Nginx with wordpress.
Problem 1) Solved
To begin, these are the logs that were created when trying to make a TEXT BASED POST on the Wordpress iOS app: https://pastebin.com/N0UugaAc
After looking at these logs and grasping a mild understanding from linuxbabe.com's tutorial, i created the following rule in the REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf file:
# Allow iOS app to create and save TEXT BASED posts.
SecRule REQUEST_URI "@streq /xmlrpc.php" "id:1030,phase:1,ctl:ruleRemoveById=941180"
This rule alone successfully allows iOS to make text based posts, but does not allow posting photos or uploading photos. Problem 1 solved.
Problem 2) Unsolved
The next problem I am having is trying to upload photos (multiple as well as single) and make a photo based post from the iOS app. These are the logs that were created when trying to make a TEXT BASED POST on the Wordpress iOS app:
I have tried the following rules exclusions to allow multi-photo blog posts in wordpress, and none have worked thus far.
#Allow iOS Wordpress app to create and save picture based posts.
SecRule REQUEST_URI "@streq /xmlrpc.php" "id:1031,phase:1,ctl:ruleRemoveById=941100"
SecRule REQUEST_URI "@streq /xmlrpc.php" "id:1033,phase:1,ctl:ruleRemoveByID=941160"
SecRule REQUEST_URI "@streq /xmlrpc.php" "id:1034,phase:1,ctl:ruleRemoveByID=932140"
Could someone please do me a big great favor and take a look at the above logs, and help me create a proper rule exclusion for posting photos with the Wordpress iOS app?
Problem 3) Unsolved
The Final exclusion I need is to allow the wordpress iOS app to turn on and off plugins. Currently plugins are on. Below is the log posted when trying to turn a plugin off....
I have tried the following rules exclusions to plugin activation and deactivation (Specifically the Flamingo plugin) from within the iOS Wordpress App, and none have worked thus far.
# Allow enable/disable plugins in the wordpress app (flamingo) for iOS
SecRule REQUEST_URI "@within /wp-json/wp/v2/plugins/flamingo/flamingo" "id:1040,phase:2,ctl:ruleRemoveById=1642837425"
Could someone, again, please do me a big great favor and take a look at the above logs, and help me create a proper rule exclusion for activating and deactivating plugins in the Wordpress iOS app?
Thank you supremely to any and all people who can help me out here with the proper exclusions!
