From b3995e5d332be9f2445ee91b6e1366440bdbe109 Mon Sep 17 00:00:00 2001
From: emphazer
Date: Sat, 8 Oct 2016 14:48:18 +0200
Subject: [PATCH 1/2] Update REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
---
 ...QUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
diff --git a/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf b/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
index 24dd7ef4c..9a36d2434 100644
--- a/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
+++ b/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
@@ -310,4 +310,52 @@ SecAction "id:9001380,\
 ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES_NAMES,\
 ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES"
+
+#
+# [ WYSIWYG/CKEditor assets and upload ]
+#
+# Disable the unnecessary requestBodyAccess and for binary uploads
+#
+#
+#
+SecRule REQUEST_METHOD "^POST$" \
+ "id:'9001390',\
+ phase:1,\
+ t:none,\
+ pass,\
+ nolog,\
+ noauditlog,\
+ chain"
+ SecRule REQUEST_FILENAME "/admin/content/assets/add/[a-z]+$" chain
+ SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "^[a-zA-Z0-9_-]+" \
+ ctl:requestBodyAccess=Off,ctl:ruleRemoveById=200004
+
+SecRule REQUEST_METHOD "^POST$" \
+ "id:'9001400',\
+ phase:1,\
+ t:none,\
+ pass,\
+ nolog,\
+ noauditlog,\
+ chain"
+ SecRule REQUEST_FILENAME "/admin/content/assets/manage/[0-9]+$" chain
+ SecRule ARGS:destination "@eq admin/content/assets" chain
+ SecRule REQUEST_HEADERS:Content-Length "@gt 31486341" chain
+ SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "^[a-zA-Z0-9_-]+" \
+ ctl:requestBodyAccess=Off
+
+SecRule REQUEST_METHOD "^POST$" \
+ "id:'9001410',\
+ phase:1,\
+ t:none,\
+ pass,\
+ nolog,\
+ noauditlog,\
+ chain"
+ SecRule REQUEST_FILENAME "/file/ajax/field_asset_[a-z0-9_]+/und/0/form-[a-z0-9A-Z_-]+$" chain
+ SecRule REQUEST_HEADERS:Content-Length "@gt 31486341" chain
+ SecRule REQUEST_HEADERS:Content-Type "@rx ^multipart/form-data" chain
+ SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "^[a-zA-Z0-9_-]+" \
+ ctl:requestBodyAccess=Off
+
 
 SecMarker END-DRUPAL-RULE-EXCLUSIONS
From 8cfc158bbf949a2b56c3105557a188535f41e6c6 Mon Sep 17 00:00:00 2001
From: emphazer
Date: Mon, 10 Oct 2016 12:49:06 +0200
Subject: [PATCH 2/2] Update REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
---
 rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf b/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
index 9a36d2434..3b6ab2a6c 100644
--- a/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
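Review bot: Rule 9001390 is the weakest of the three: it switches request-body inspection off for any POST whose path ends in `/admin/content/assets/add/[a-z]+` as soon as a cookie named like `S?SESS[a-f0-9]+` with any alphanumeric value is present, and both the path and the cookie are chosen by the client, so an unauthenticated request carrying `Cookie: SESS0=x` has its whole body — ordinary form fields included — skipped by every rule that inspects the body. Unlike 9001400 and 9001410 it has no Content-Type or Content-Length gate; add at least `SecRule REQUEST_HEADERS:Content-Type "@rx ^multipart/form-data" chain` before the cookie check, and consider the same `Content-Length "@gt 31486341"` threshold the sibling rules use so that small, cheaply inspectable requests keep being inspected. None of the `REQUEST_FILENAME` patterns is anchored at the start, so each matches its segment under any prefix; if that is intentional for sub-directory installs it deserves a one-line comment. The header comment `# Disable the unnecessary requestBodyAccess and for binary uploads` is hard to parse — presumably something like `# Switch off request body inspection for large binary asset uploads that the body rules cannot usefully scan` is what is meant, but confirm the intent before rewording.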
+++ b/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
@@ -318,7 +318,7 @@ SecAction "id:9001380,\
 #
 #
 #
-SecRule REQUEST_METHOD "^POST$" \
+SecRule REQUEST_METHOD "@streq POST" \
 "id:'9001390',\
 phase:1,\
 t:none,\
@@ -328,9 +328,9 @@ SecRule REQUEST_METHOD "^POST$" \
 chain"
 SecRule REQUEST_FILENAME "/admin/content/assets/add/[a-z]+$" chain
 SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "^[a-zA-Z0-9_-]+" \
- ctl:requestBodyAccess=Off,ctl:ruleRemoveById=200004
+ ctl:requestBodyAccess=Off
 
-SecRule REQUEST_METHOD "^POST$" \
+SecRule REQUEST_METHOD "@streq POST" \
 "id:'9001400',\
 phase:1,\
 t:none,\
@@ -339,12 +339,12 @@ SecRule REQUEST_METHOD "^POST$" \
 noauditlog,\
 chain"
 SecRule REQUEST_FILENAME "/admin/content/assets/manage/[0-9]+$" chain
- SecRule ARGS:destination "@eq admin/content/assets" chain
+ SecRule ARGS:destination "@streq admin/content/assets" chain
 SecRule REQUEST_HEADERS:Content-Length "@gt 31486341" chain
 SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "^[a-zA-Z0-9_-]+" \
 ctl:requestBodyAccess=Off
 
-SecRule REQUEST_METHOD "^POST$" \
+SecRule REQUEST_METHOD "@streq POST" \
 "id:'9001410',\
 phase:1,\
 t:none,\
@@ -352,9 +352,9 @@ SecRule REQUEST_METHOD "^POST$" \
 nolog,\
 noauditlog,\
 chain"
- SecRule REQUEST_FILENAME "/file/ajax/field_asset_[a-z0-9_]+/und/0/form-[a-z0-9A-Z_-]+$" chain
+ SecRule REQUEST_FILENAME "/file/ajax/field_asset_[a-z0-9_]+/[ua]nd/0/form-[a-z0-9A-Z_-]+$" chain
 SecRule REQUEST_HEADERS:Content-Length "@gt 31486341" chain
- SecRule REQUEST_HEADERS:Content-Type "@rx ^multipart/form-data" chain
+ SecRule REQUEST_HEADERS:Content-Type "@streq multipart/form-data" chain
 SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "^[a-zA-Z0-9_-]+" \
 ctl:requestBodyAccess=Off
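Review bot: Switching the Content-Type check in rule 9001410 to `@streq multipart/form-data` makes the rule dead for real uploads: browsers (and presumably the Drupal AJAX file widget this path belongs to) send `Content-Type: multipart/form-data; boundary=...`, which is not string-equal to `multipart/form-data`, so the chain never completes and body inspection stays on for exactly the requests the rule exists to exempt. The original `@rx ^multipart/form-data` (or `@beginsWith multipart/form-data`) is the right operator here; `@streq` is only correct for the `REQUEST_METHOD` and `ARGS:destination` comparisons changed elsewhere in this patch. The widening of the path segment from `und` to `[ua]nd` is unexplained — `und` is, as far as I recall, Drupal's language-neutral code, but `and` does not look like a language code, so either note the case it was added for or match a generic segment such as `[a-z]{2,3}`. The rule's header lines (`id`, `phase`, `t:none`) are outside this hunk.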