diff --git a/conf/modsecurity.conf b/conf/modsecurity.conf
index f6adaac..674a4dd 100644
--- a/conf/modsecurity.conf
+++ b/conf/modsecurity.conf
@@ -16,11 +16,11 @@ SecRule REQUEST_URI|ARGS "<.*>" \
     "id:950003,phase:2,deny,status:403,msg:'XSS/HTML Injection Detected',log"
 
 # command injection
-SecRule REQUEST_URI|ARGS "(\"role\".*:.*\"admin\")|exec|cat|more|ls|dir|/etc/passwd" \
+SecRule ARGS "(\"role\".*:.*\"admin\")|exec|cat|more|ls|dir|/etc/passwd" \
     "id:950006,phase:2,deny,status:403,msg:'Command Injection Detected',log"
 
 # path traversal
-SecRule REQUEST_URI|ARGS "\%00|\%2500|(\./|\.\./)|ftp|metrics|api-docs" \
+SecRule REQUEST_URI|ARGS "\%00|\%2500|\.\./|ftp|metrics|api-docs" \
     "id:950007,phase:2,deny,status:403,msg:'Path traversal attempt',log"
 
 # exposed stuff (redundante ?)