Merge pull request #2 from emphazer/patch-2

Update REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf

rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf

@@ -312,4 +312,52 @@ SecAction "id:9001390,\
 	ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES_NAMES,\
 	ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES" 
 
+
+#
+# [ WYSIWYG/CKEditor assets and upload ]
+# 
+# Disable the unnecessary requestBodyAccess and for binary uploads
+#
+# 
+#
+SecRule REQUEST_METHOD "@streq POST" \
+        "id:'9001390',\
+        phase:1,\
+        t:none,\
+        pass,\
+        nolog,\
+        noauditlog,\
+        chain"
+                SecRule REQUEST_FILENAME "/admin/content/assets/add/[a-z]+$" chain
+                SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "^[a-zA-Z0-9_-]+" \
+                ctl:requestBodyAccess=Off
+
+SecRule REQUEST_METHOD "@streq POST" \
+        "id:'9001400',\
+        phase:1,\
+        t:none,\
+        pass,\
+        nolog,\
+        noauditlog,\
+        chain"
+                SecRule REQUEST_FILENAME "/admin/content/assets/manage/[0-9]+$" chain
+                SecRule ARGS:destination "@streq admin/content/assets" chain
+                SecRule REQUEST_HEADERS:Content-Length "@gt 31486341" chain
+                SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "^[a-zA-Z0-9_-]+" \
+                ctl:requestBodyAccess=Off
+
+SecRule REQUEST_METHOD "@streq POST" \
+        "id:'9001410',\
+        phase:1,\
+        t:none,\
+        pass,\
+        nolog,\
+        noauditlog,\
+        chain"
+                SecRule REQUEST_FILENAME "/file/ajax/field_asset_[a-z0-9_]+/[ua]nd/0/form-[a-z0-9A-Z_-]+$" chain
+                SecRule REQUEST_HEADERS:Content-Length "@gt 31486341" chain
+                SecRule REQUEST_HEADERS:Content-Type "@streq multipart/form-data" chain
+                SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "^[a-zA-Z0-9_-]+" \
+                ctl:requestBodyAccess=Off
+
 SecMarker END-DRUPAL-RULE-EXCLUSIONS