Merge pull request #1656 from lifeforms/xenforo-fp

XenForo: additional exclusions
SpiderLabs · Jan 6, 2020 · 3cf85f6 · 3cf85f6
2 parents d489f9b + 5e7a319
commit 3cf85f6
Showing 1 changed file with 19 additions and 2 deletions.
diff --git a/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf b/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf
@@ -80,8 +80,9 @@ SecRule REQUEST_FILENAME "@rx /(?:conversations|(?:conversations|forums|threads)
 # POST /xf/threads/thread-title.12345/add-reply
 # POST /xf/threads/thread-title.12345/reply-preview
 # POST /xf/forums/forum-title.12345/post-thread
+# POST /xf/forums/blogs/post-thread
 # POST /xf/forums/forum-title.12345/thread-preview
-SecRule REQUEST_FILENAME "@rx /(?:conversations/add(?:-preview)?|conversations/messages/\d+/edit|posts/\d+/(?:edit|preview)|(?:conversations|threads)/.*\.\d+/(?:add-reply|reply-preview)|forums/.*\.\d+/(?:post-thread|thread-preview))$" \
+SecRule REQUEST_FILENAME "@rx /(?:conversations/add(?:-preview)?|conversations/messages/\d+/edit|posts/\d+/(?:edit|preview)|(?:conversations|threads)/.*\.\d+/(?:add-reply|reply-preview)|forums/.*/(?:post-thread|thread-preview))$" \
     "id:9006120,\
     phase:2,\
     pass,\
@@ -148,7 +149,8 @@ SecRule REQUEST_FILENAME "@streq /inline-mod/" \
 
 # Warn member
 # POST /xf/members/name.12345/warn
-SecRule REQUEST_FILENAME "@rx /members/\*\.\d+/warn$" \
+# POST /xf/posts/12345/warn
+SecRule REQUEST_FILENAME "@rx /(?:members/.*\.\d+|posts/\d+)/warn$" \
     "id:9006170,\
     phase:2,\
     pass,\
@@ -386,6 +388,7 @@ SecAction \
     nolog,\
     ctl:ruleRemoveTargetById=931120;ARGS:_xfRedirect,\
     ctl:ruleRemoveTargetById=941150;ARGS:_xfRedirect,\
+    ctl:ruleRemoveTargetById=942230;ARGS:_xfRedirect,\
     ctl:ruleRemoveTargetById=931120;ARGS:_xfRequestUri,\
     ctl:ruleRemoveTargetById=941150;ARGS:_xfRequestUri,\
     ctl:ruleRemoveTargetById=942130;ARGS:_xfRequestUri,\
@@ -397,6 +400,7 @@ SecAction \
     ctl:ruleRemoveTargetById=942150;REQUEST_COOKIES:xf_emoji_usage,\
     ctl:ruleRemoveTargetById=942410;REQUEST_COOKIES:xf_emoji_usage,\
     ctl:ruleRemoveTargetByTag=OWASP_CRS;REQUEST_COOKIES:xf_ls,\
+    ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:xf_session,\
     ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:xf_user"
 
 #
@@ -504,6 +508,19 @@ SecRule REQUEST_FILENAME "@endsWith /admin.php" \
         ctl:ruleRemoveTargetById=942340;ARGS:json,\
         ctl:ruleRemoveTargetById=942370;ARGS:json"
 
+# Set forum options
+# POST /xf/admin.php?options/update
+SecRule REQUEST_FILENAME "@endsWith /admin.php" \
+    "id:9006960,\
+    phase:2,\
+    pass,\
+    t:none,\
+    nolog,\
+    chain"
+    SecRule REQUEST_URI "@rx /admin\.php\?options/update" \
+        "t:none,\
+        ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:options[boardInactiveMessage]"
+
 SecMarker "END-XENFORO-ADMIN"
 
 SecMarker "END-XENFORO"