diff --git a/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf b/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf index e1dca51c9..809db438c 100644 --- a/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf +++ b/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf @@ -262,6 +262,17 @@ SecRule REQUEST_FILENAME "@contains /remote.php/dav/addressbooks/" \ nolog,\ setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type}|text/vcard'" +# Allow modifying contacts via the web interface +SecRule REQUEST_METHOD "@streq PUT" \ + "id:9003321,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + chain" + SecRule REQUEST_FILENAME "@contains /remote.php/dav/addressbooks/" \ + "t:none,\ + ctl:ruleRemoveById=200002" # [ Calendar ] #