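# Rules
#######
#
# Site-specific ModSecurity rules layered on the OWASP Core Rule Set (CRS).
# Three groups follow:
#   99000001-99000005  per-path CRS exclusions (rule removal / extra methods)
#   99000006-99000013  per-path request-body inspection switches
#   99000014-99000016  per-host deny rules for information-disclosure endpoints
#
# ctl:ruleRemoveById and setvar only take effect if they run before the CRS
# rule they target is evaluated, so this file has to be included ahead of the
# CRS rule files. NOTE(review): include order is not visible here; confirm.
#
# NOTE(review): every path test below is a substring or suffix match on
# REQUEST_FILENAME and none of the exclusions is tied to a host name. Any URL
# on any virtual host served by this engine that contains the substring gets
# the same relaxation. Anchoring the path (as 99000002 does) and adding a host
# condition would keep each exclusion limited to the application it was
# written for.

# --- CRS exclusions --------------------------------------------------------

# Heartbeat endpoint: skip CRS 911100 (method not allowed by policy).
SecRule REQUEST_FILENAME "@endsWith /apps/user_status/heartbeat" \
    "id:99000001,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveById=911100"

# Text-app session calls: add PUT and DELETE to the CRS allowed-method list
# for this transaction only.
SecRule REQUEST_FILENAME "@rx /apps/text/session/(?:create|fetch|sync|close)$" \
    "id:99000002,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ver:'OWASP_CRS/3.2.0',\
    setvar:'tx.allowed_methods=%{tx.allowed_methods} PUT DELETE'"

# SAML assertion-consumer and logout endpoints: skip CRS 920440
# (URL file extension restricted by policy).
SecRule REQUEST_FILENAME "@contains /auth/saml2/sp/saml2-acs.php" \
    "id:99000003,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveById=920440"

SecRule REQUEST_FILENAME "@contains /auth/saml2/sp/saml2-logout.php" \
    "id:99000004,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveById=920440"

# Removes 911100 for everything under the text-session path.
# NOTE(review): this is broader than 99000002 and makes its method list
# irrelevant for these URLs, because the rule that enforces the list is
# removed outright. Keep whichever of the two is actually intended.
SecRule REQUEST_FILENAME "@contains /apps/text/session" \
    "id:99000005,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveById=911100"

# --- Request-body inspection switches --------------------------------------
#
# Each chain turns request-body access off for the transaction when the path
# matches and REQUEST_BODY_LENGTH equals 0.
#
# Changed from the original: the chain starters now carry an explicit `pass`
# and `t:none`, like rules 99000001-99000005. Without a disruptive action the
# chain inherits SecDefaultAction, so under a blocking default a match would
# reject the request instead of only switching body access off.
#
# NOTE(review): REQUEST_BODY_LENGTH is filled in when the body is read, which
# happens after phase 1. In phase 1 the "@eq 0" test therefore presumably
# does not reflect the real body size. Depending on how the engine treats the
# unset variable, the chain either never fires or fires for every request to
# these paths. In the second case body inspection is off for all WebDAV
# uploads and AJAX service calls. Verify on the deployed engine. A test on
# REQUEST_HEADERS:Content-Length is available in phase 1 if "no body" is the
# condition that was meant.

SecRule REQUEST_FILENAME "@contains /apps/user_status/heartbeat" \
    "id:99000006,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_BODY_LENGTH "@eq 0" \
        "ctl:requestBodyAccess=off"

SecRule REQUEST_FILENAME "@contains /remote.php/dav" \
    "id:99000007,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_BODY_LENGTH "@eq 0" \
        "ctl:requestBodyAccess=off"

SecRule REQUEST_FILENAME "@contains /apps/text/session" \
    "id:99000008,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_BODY_LENGTH "@eq 0" \
        "ctl:requestBodyAccess=off"

SecRule REQUEST_FILENAME "@contains /socket.io" \
    "id:99000009,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_BODY_LENGTH "@eq 0" \
        "ctl:requestBodyAccess=off"

SecRule REQUEST_FILENAME "@contains /auth/realms/master/avatar-provider" \
    "id:99000010,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_BODY_LENGTH "@eq 0" \
        "ctl:requestBodyAccess=off"

SecRule REQUEST_FILENAME "@contains /lib/ajax/service-nologin.php" \
    "id:99000011,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_BODY_LENGTH "@eq 0" \
        "ctl:requestBodyAccess=off"

SecRule REQUEST_FILENAME "@contains /lib/ajax/service.php" \
    "id:99000012,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_BODY_LENGTH "@eq 0" \
        "ctl:requestBodyAccess=off"

SecRule REQUEST_FILENAME "@contains /apps/polls/poll" \
    "id:99000013,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_BODY_LENGTH "@eq 0" \
        "ctl:requestBodyAccess=off"

# --- Deny rules ------------------------------------------------------------
#
# Each rule returns 403 when the lower-cased REQUEST_URI matches and
# SERVER_NAME contains the given host prefix.
#
# NOTE(review): SERVER_NAME is derived from the host the client asked for. If
# the same application is reachable under a name without the prefix (bare IP,
# alias, default vhost), these denies do not apply. Confirm the vhost setup.
# NOTE(review): REQUEST_URI is matched without path normalisation. Matching
# on a normalised path (t:normalizePath, t:urlDecodeUni) would make the denies
# independent of how the path is spelled.
# NOTE(review): no explicit `log` action is set, so whether a blocked request
# is recorded depends on SecDefaultAction.

# Status endpoint on the "nextcloud." host. Changed from the original: the
# operator is spelled out as @rx and the dot is escaped, so it matches a
# literal "." rather than any character.
SecRule REQUEST_URI "@rx ^/status\.php" \
    "phase:1,\
    id:99000014,\
    t:none,t:lowercase,\
    deny,\
    status:403,\
    msg:'403 Access Denied',\
    chain"
    SecRule SERVER_NAME "@contains nextcloud."

# REST user listing on the "wp." host.
SecRule REQUEST_URI "@contains /wp-json/wp/v2/users" \
    "phase:1,\
    id:99000015,\
    t:none,t:lowercase,\
    deny,\
    status:403,\
    msg:'403 Access Denied',\
    chain"
    SecRule SERVER_NAME "@contains wp."

# Security report detail "core_publicpaths" on the "moodle." host.
# NOTE(review): in phase 1 ARGS holds query-string parameters only. Body
# parameters become available in phase 2. Confirm that this covers every way
# the page can receive `detail`.
SecRule REQUEST_URI "@contains /report/security/index.php" \
    "phase:1,\
    id:99000016,\
    t:none,t:lowercase,\
    deny,\
    status:403,\
    msg:'403 Access Denied',\
    chain"
    SecRule SERVER_NAME "@contains moodle." \
        "t:none,\
        chain"
        SecRule ARGS:detail "@streq core_publicpaths" \
            "t:none"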