Closed jessebot closed 1 month ago
@jessebot Thanks for the report, but right now the plugin doesn't support Nextcloud cookbook. I'll have to do some testing before support can be added. Although I can give you this rule exclusion just to get you going for now:
# Editing a recipe in Nextcloud Cookbook
SecRule REQUEST_FILENAME "@rx /apps/cookbook/webapp/recipes/[0-9]+$" \
"id:1,\
phase:1,\
pass,\
t:none,\
nolog,\
setvar:'tx.allowed_methods=%{tx.allowed_methods} PUT'"
That's totally fine and thanks so much as always for your help! Perhaps we could have a list of supported Nextcloud apps in the README.md?
@jessebot I agree, but right now nothing is set in stone. I'll have to see what makes sense to support and what doesn't, it'll be impossible to cover every single Nextcloud app out there with reasonable quality.
@jessebot I've finished testing cookbook for false positives, PR is available here: https://github.com/coreruleset/nextcloud-rule-exclusions-plugin/pull/91
Supported/unsupported Nextcloud Apps are now documented since #90 was merged
Here's the ModSecurity transaction log:
If it's helpful, I'm running Nextcloud version
29.0.3
and Cookbook version0.11.1
. Thank you for all your help! 🙏