Some rules can create false positives for certain known applications. The following section explains how to allow the application to coexist with the CRS.
Custom Rule Syntax:
SecRule 'variable"@unconditionalMatch"' "id:4099803,phase:1,pass,setvar:'TX:crs_exclusions_=1'"
Example:
In this example, Wordpress is added to the CRS Exception list.
SecRule REMOTE_ADDR "@unconditionalMatch" "id:4099803,phase:1,pass,setvar:'TX:crs_exclusions_wordpress=1'"
Note:
In addition to this, enable the CRS_903_Application_Specific_Exclusions group in the UI.