azurit

@Danrancan Other combinations of rules and session variables triggered this time. Try this: ``` SecRule SERVER_NAME "@streq www.mcmo.xyz" \ "id:9999001,\ phase:1,\ pass,\ t:none,\ nolog,\ ctl:ruleRemoveTargetById=932236;REQUEST_COOKIES:sbjs_first_add,\ ctl:ruleRemoveTargetById=941150;REQUEST_COOKIES:sbjs_current,\ ctl:ruleRemoveTargetById=932236;REQUEST_COOKIES:sbjs_session,\ ctl:ruleRemoveTargetById=941150;REQUEST_COOKIES:sbjs_first" ```

Ok, try this: ``` SecRule REQUEST_HEADERS:Host "@streq www.mcmo.xyz" \ "id:9999001,\ phase:1,\ pass,\ t:none,\ nolog,\ ctl:ruleRemoveTargetById=932236;REQUEST_COOKIES:sbjs_first_add,\ ctl:ruleRemoveTargetById=941150;REQUEST_COOKIES:sbjs_current,\ ctl:ruleRemoveTargetById=932236;REQUEST_COOKIES:sbjs_session,\ ctl:ruleRemoveTargetById=941150;REQUEST_COOKIES:sbjs_first" ```

@Danrancan No, it works. Other rules for other parts of the requests triggered. You are going to need more exclusion rules. I can show you how to write them but...

Hmm, looks like i picked wrong cyphers - both of these supports forward secrecy. But i can't see those mentioned in CIS benchmark anywhere in the configuration.

@seanScoompy Ping.

I can take this. @fzipi Would it be sufficient to create a first version of RE plugin based on examples of communication from tutorials ([here](https://www.odata.org/getting-started/basic-tutorial/) and [here](https://www.odata.org/getting-started/advanced-tutorial/))?

@fzipi No, this is a different issue.

Hi @shivapalsingh. Can you be more specific about the error you had to fix? Thank you.

@Munrok Thanks for reporting this. Unfortunately, we do not support Woocommerce or any other WordPress plugin. For plain WordPress, you can use [WordPress Rule Exclusions Plugin](https://github.com/coreruleset/wordpress-rule-exclusions-plugin). Anyway, this exclusion rule...

Fixed with https://github.com/coreruleset/wordpress-rule-exclusions-plugin/pull/43.