From 6b937cbfa1bb4d8157f6b8cf697c5ef86dce0035 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9ophile=20Diot?=
Date: Thu, 15 Feb 2024 17:53:23 +0100
Subject: [PATCH] Update modsec rules to remove attack-lfi tag in /global_config and /services of the web UI to avoid false-positive
---
 src/common/core/ui/confs/modsec/ui.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/common/core/ui/confs/modsec/ui.conf b/src/common/core/ui/confs/modsec/ui.conf
index 3c98b3662..ebb326358 100644
--- a/src/common/core/ui/confs/modsec/ui.conf
+++ b/src/common/core/ui/confs/modsec/ui.conf
@@ -1,5 +1,5 @@
 {% if USE_UI == "yes" +%}
-SecRule REQUEST_FILENAME "@rx /services$" "id:7771,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-xss,ctl:ruleRemoveByTag=attack-generic,nolog"
-SecRule REQUEST_FILENAME "@rx /global_config$" "id:7772,ctl:ruleRemoveByTag=platform-pgsql,nolog"
+SecRule REQUEST_FILENAME "@rx /services$" "id:7771,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-xss,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-lfi,nolog"
+SecRule REQUEST_FILENAME "@rx /global_config$" "id:7772,ctl:ruleRemoveByTag=platform-pgsql,ctl:ruleRemoveByTag=attack-lfi,nolog"
 SecRule REQUEST_FILENAME "@rx /configs$" "id:7773,ctl:ruleRemoveByTag=language-shell,ctl:ruleRemoveByTag=attack-lfi,nolog"
 {% endif +%}
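Review bot: Both added lines switch off every rule tagged `attack-lfi` for the whole request (all arguments, headers and cookies) on any path that merely ends in `/services` or `/global_config`, because `@rx /services$` is not anchored at the start; together with the tags already removed, `/services` is now left without RCE, XSS, generic and LFI inspection. If the false positive comes from one or two form fields, a target-scoped exclusion keeps the rest of the request covered, e.g. `ctl:ruleRemoveTargetByTag=attack-lfi;ARGS:<FIELD_NAME>` (placeholder, since the triggering field is not shown in this patch), and the path match could be pinned to the UI route rather than a bare suffix. Because of `nolog` the exclusion leaves no trace in the logs, so a short comment above each rule naming the field and the rule that misfired would let the next reviewer judge whether the exclusion is still needed.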