From 383af8f421ca372edbccebeb89b277edbbd91e3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= <tdiot@bunkerity.com>
Date: Fri, 10 Jan 2025 14:40:31 +0100
Subject: [PATCH] Enhance ModSecurity rules by adding additional rule removal
 for attack-rfi in UI configuration

---
 src/common/core/ui/confs/modsec-crs/ui.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/common/core/ui/confs/modsec-crs/ui.conf b/src/common/core/ui/confs/modsec-crs/ui.conf
index 8ff3197c8..feb293320 100644
--- a/src/common/core/ui/confs/modsec-crs/ui.conf
+++ b/src/common/core/ui/confs/modsec-crs/ui.conf
@@ -1,6 +1,6 @@
 {%- if USE_UI == "yes" -%}
-SecRule REQUEST_FILENAME "@rx /(global-config|services/.+)$" "id:1007771,ctl:ruleRemoveById=932235,nolog"
+SecRule REQUEST_FILENAME "@rx /(global-config|services/.+)$" "id:1007771,ctl:ruleRemoveById=932235,ctl:ruleRemoveByTag=attack-rfi,nolog"
 SecRule REQUEST_FILENAME "@rx /(services|cache)/.+$" "id:1007772,ctl:ruleRemoveById=920440,nolog"
-SecRule REQUEST_FILENAME "@rx /(configs)/.+$" "id:1007773,ctl:ruleRemoveByTag=attack-rce,nolog"
+SecRule REQUEST_FILENAME "@rx /(configs)/.+$" "id:1007773,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-rfi,nolog"
 SecRule REQUEST_FILENAME "@endsWith /logs" "id:1007774,ctl:ruleRemoveById=953100,nolog"
 {%- endif %}