Professional Documents
Culture Documents
REQUEST 903.9003 NEXTCLOUD EXCLUSION RULES - Conf
REQUEST 903.9003 NEXTCLOUD EXCLUSION RULES - Conf
#
# [ File Manager ]
#
#
# The web interface uploads files, and interacts with the user.
# Skip PUT parsing for invalid encoding / protocol violations in binary files.
# Allow REPORT requests without Content-Type header (at least the iOS app does
this)
# [ Searchengine ]
#
# NexCloud uses a search field for filename or content queries.
# [ DAV ]
#
# NextCloud uses DAV methods with index.php and remote.php to do many things
# The default ones in ModSecurity are: GET HEAD POST OPTIONS
#
# Looking through the code, and via testing, I found these:
#
# File manager: PUT DELETE MOVE PROPFIND PROPPATCH
# Calendars: REPORT
# Others in the code or js files: PATCH MKCOL MOVE TRACE
# Others that I added just in case, and they seem related:
# CHECKOUT COPY LOCK MERGE MKACTIVITY UNLOCK.
# We need to allow DAV methods for sharing files, and removing shares
# DELETE - when the share is removed
# PUT - when setting a password / expiration time
# [ Ownnote ]
# [ Text Editor ]
#
# This file can save anything, and it's name could be lots of things.
# [ Address Book ]
#
# Allow the data type 'text/vcard'
# [ Calendar ]
#
# Allow the data type 'text/calendar'
# [ Notes ]
#
# We want to allow a lot of things as the user is
# allowed to note on anything.
#
# [ Login forms ]
#
# Reset password.
SecMarker "END-NEXTCLOUD-ADMIN"
SecMarker "END-NEXTCLOUD"