Tags: regex, wordpress, apache, mod-security

Apache LocationMatch wildcard for ModSecurity on wordpress site


I have mod_security installed on an Ubuntu 14.04 server running Apache 2.4.7 and a WordPress site. I have a handful of rules that I need to ignore, but I'm having trouble implementing some wildcard rules so that I don't have to specify each and every page.

What I have (in my site.conf file) is...

    <LocationMatch "/wp-admin/post.php">
        SecRuleRemoveById 300016
    </LocationMatch>

    <LocationMatch "/wp-admin/nav-menus.php">
        SecRuleRemoveById 300016
    </LocationMatch>

    <LocationMatch "(/wp-admin/|/wp-login.php)">
        SecRuleRemoveById 950117
        SecRuleRemoveById 950005
        SecRuleRemoveById 981173
        SecRuleRemoveById 960024
    </LocationMatch>

    <LocationMatch "/wp-admin/load-scripts.php">
        SecRuleRemoveById 981173
    </LocationMatch>

    <LocationMatch "/wp-admin/plugins.php">
        SecRuleRemoveById 981173
    </LocationMatch>

    <LocationMatch "/wp-admin/customize.php">
        SecRuleRemoveById 981173
    </LocationMatch>

What I want is to consolidate everything into a single rule that uses a wildcard on wp-admin and wp-login.

I've tried the following, but it seems to be ignored, as mod_security is still throwing denials.

    <LocationMatch "(/wp-admin/*|/wp-login/*)">
    ....

and also

    <LocationMatch "(/wp-admin/*)">
    ....

and also

    <Location "/wp-admin/*">
    ....

I've done some research on LocationMatch and regex, but I'm not getting something here. Is what I'm wanting to do possible?

EDIT: The referrer URL in the modsec_audit.log is http://www.<site>.com/wp-admin/customize.php?theme=modality


Solution

  • This should work:

    <LocationMatch "/wp-(admin|login)/">
    

    You don't need a wildcard here, because you just want to detect the beginning of the path, and it doesn't matter what comes after the second slash.

    For Location, you need a ~ to trigger the regex interpretation:

    <Location ~ "/wp-(admin|login)/">
    

    More details:
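The following script is an added example, not part of the question or the answer above. It checks the answer's regex against a handful of constructed request paths using Python's `re.search`, which applies the same unanchored search that Apache's `<LocationMatch>` (and `<Location ~>`) applies to the URL path. It also shows two caveats worth checking before shipping a ModSecurity exclusion: the answer's pattern requires a slash after `login`, so it does not match WordPress's real login script `/wp-login.php` (the questioner's earlier block used `/wp-login.php` explicitly), and an unanchored pattern also matches `wp-admin` appearing deeper in a path. The `ANCHORED_PATTERN` below is my own suggested alternative, not from the page, and the sample paths and URL are constructed.

```python
import re
from urllib.parse import urlsplit

# Pattern given in the answer above (used verbatim).
ANSWER_PATTERN = r"/wp-(admin|login)/"

# Constructed alternative (assumption, not from the page): anchored to the start of the
# path and spelling out the real login script name, which ends in ".php", not "/".
ANCHORED_PATTERN = r"^/wp-(admin/|login\.php)"

# Constructed sample request paths, modelled on the ones in the question.
SAMPLE_PATHS = [
    "/wp-admin/post.php",
    "/wp-admin/nav-menus.php",
    "/wp-admin/customize.php",
    "/wp-admin/load-scripts.php",
    "/wp-login.php",               # WordPress login script: no trailing slash
    "/wp-content/uploads/x.jpg",   # must NOT be excluded from the rules
    "/blog/wp-admin/post.php",     # "wp-admin" deeper in the path
]


def path_of(url):
    """Return only the path component of a URL.

    <LocationMatch> compares against the request path, not the query string,
    so '?theme=modality' from the EDIT's referrer plays no part in matching."""
    return urlsplit(url).path


def location_match(pattern, path):
    """Emulate <LocationMatch PATTERN>: an unanchored regex search over the path."""
    return re.search(pattern, path) is not None


def matched_paths(pattern, paths=SAMPLE_PATHS):
    """All sample paths for which a section with this pattern would apply."""
    return [p for p in paths if location_match(pattern, p)]


if __name__ == "__main__":
    # Constructed URL in the shape of the EDIT's referrer (placeholder host).
    print("path:", path_of("http://www.example.com/wp-admin/customize.php?theme=modality"))
    for label, pattern in (("answer", ANSWER_PATTERN), ("anchored", ANCHORED_PATTERN)):
        print(f"{label:9s} {pattern!r}")
        for p in SAMPLE_PATHS:
            print("   ", "match  " if location_match(pattern, p) else "no match", p)
```

Running it shows that the answer's pattern covers every `/wp-admin/...` page from the question in one section, but also `/blog/wp-admin/post.php` and not `/wp-login.php`. If the login page needs the same exclusions, keep `wp-login.php` spelled out as in the original third block, and anchor with `^` so rule removals apply only to the admin area itself; the same regex works unchanged in `<Location ~ "...">`.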