Added async upload ModSec WAF Exclusion

Author: jbuncle

modsec/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf

@@ -23,3 +23,12 @@ SecRule REQUEST_FILENAME "@rx /wp-json/wp/v2/(pages|posts)/[0-9]+(/autosaves)?"
     ctl:ruleRemoveById=941160,\
     ctl:ruleRemoveById=941180"
 
+# Exclusions for WP Pages saves
+# Fix 'Matched "Operator `Pm' with parameter `..\ ../' against variable `REQUEST_BODY`"  "Path Traversal Attack (/../)"'
+SecRule REQUEST_FILENAME "@endsWith /wp-admin/async-upload.php" \
+    "id:890003,\
+    phase:2,\
+    pass,\
+    t:none,\
+    nolog,\
+    ctl:ruleRemoveById=930110"