Description
When attempting to bulk delete users in WordPress the request results in a 404 triggered by OWASP.
Installation details:
WordPress 6.8.1
OWASP Rule Set V3.0
OS AlmaLinux 8.10.0 - up-to-date
The following request is issued during delete:
Request:
GET /wp-admin/users.php?s=&_wpnonce=8793efaf9a&_wp_http_referer=%2Fwp-admin%2Fusers.php&action=delete&bulk_action=Apply&new_role=&paged=1&users%5B%5D=2329&users%5B%5D=2282&users%5B%5D=2079&users%5B%5D=2275&users%5B%5D=2196&users%5B%5D=63&users%5B%5D=1926&users%5B%5D=1912&users%5B%5D=2009&users%5B%5D=1870&users%5B%5D=1783&users%5B%5D=2256&users%5B%5D=2050&users%5B%5D=2121&users%5B%5D=2001&users%5B%5D=1820&users%5B%5D=2318&users%5B%5D=1852&users%5B%5D=2093&action2=delete&new_role2=
Justification:
Pattern match "TX:paramcounter_(.*)" at TX:paramcounter_ARGS_NAMES:user
Turning off REQUEST-921-PROTOCOL-ATTACK returns WordPress to normal behaviour.
Your Environment
- CRS version up to date:
- Paranoia level setting PL1 - default :
- ModSecurity version (e.g., 2.9.8):
- Apache httpd 2.4.63
- Operating System and version: AlmaLinux 8.10.0 - up to date
Confirmation
[x] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.
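
The log line in the report points at a counter kept per argument name. As an added example (not part of the original report and not CRS code), the Python below counts argument names in a trimmed copy of the reported request and separates PHP array-style names such as `users[]` from repeated scalar names, which helps when deciding how narrowly to scope a rule exclusion. The function names, the bucket labels and the counting model are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Trimmed copy of the request in the report: three of the users[] values kept.
SAMPLE_URI = (
    "/wp-admin/users.php?s=&_wpnonce=8793efaf9a"
    "&_wp_http_referer=%2Fwp-admin%2Fusers.php&action=delete"
    "&bulk_action=Apply&new_role=&paged=1"
    "&users%5B%5D=2329&users%5B%5D=2282&users%5B%5D=2079"
    "&action2=delete&new_role2="
)


def repeated_params(uri):
    """Return {name: count} for every argument name seen more than once."""
    # keep_blank_values=True so empty arguments such as "s=" are counted too.
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    counts = Counter(name for name, _ in pairs)
    return {name: n for name, n in counts.items() if n > 1}


def triage(uri):
    """Split repeated names into PHP array syntax and repeated scalars.

    A name ending in "[]" is how PHP forms submit a list (WordPress bulk
    actions do this), so repeats are expected. A repeated scalar name is
    the case a parameter-pollution check is meant to surface.
    """
    result = {"php_array": {}, "scalar_repeat": {}}
    for name, n in repeated_params(uri).items():
        bucket = "php_array" if name.endswith("[]") else "scalar_repeat"
        result[bucket][name] = n
    return result


if __name__ == "__main__":
    # Request shape from the report: only users[] repeats.
    print(triage(SAMPLE_URI))
    # Constructed contrast case: the same scalar name sent twice.
    print(triage("/wp-admin/users.php?action=delete&action=promote"))
```
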