Some rules can create false positives for certain known applications. The following section explains how to allow the application to coexist with the CRS.

Custom Rule Syntax:

SecRule 'variable"@unconditionalMatch"' "id:4099803,phase:1,pass,setvar:'TX:crs_exclusions_=1'"


In this example, Wordpress is added to the CRS Exception list.

SecRule REMOTE_ADDR "@unconditionalMatch" "id:4099803,phase:1,pass,setvar:'TX:crs_exclusions_wordpress=1'"

In addition to this, enable the CRS_903_Application_Specific_Exclusions group in the UI.