Jason, This is an core rule set question, that you asked on the general ModSecurity mailinglist. I'll move over to the CRS mailinglist for a response:
The optional WordPress rule exclusions need to be activated in the crst-setup.conf. There is not yet a blog post or detailed documentation about it, but it basically follows the Drupal stuff, which I depicted in this blog post this week: https://www.netnea.com/cms/2016/11/22/securing-drupal-with-modsecurity-and-the-core-rule-set-crs3/ If you follow that documentation and apply it to WP you should be good. What is central is, that we are only covering the core stuff so far. We have bigger plans, but this is only a start. There is a bunch of additional rule exclusions being discussed on github right now. So you can expect to get a lot of improvement with subsequent point releases. So far, you can install and publish and read articles without any false positives. But the deeper you dig into the admin stuff, the more likely will you encounter FPs. Good luck - and let's move over to the CRS mailinglist. Cheers, Christian On Fri, Nov 25, 2016 at 08:12:16PM +0000, Jason Mull wrote: > Hello, > > > > While reading over the mailing list post regarding the release of CRS3, I > noticed mention of application-level exclusions for WordPress. Is there > anywhere I can find more info on this functionality (Where / how to enable, > how to view / add exclusions)? > > > Jason > ------------------------------------------------------------------------------ > _______________________________________________ > mod-security-users mailing list > mod-security-us...@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ -- https://www.feistyduck.com/training/modsecurity-training-course mailto:christian.fol...@netnea.com twitter: @ChrFolini _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
