From 1f6bb854c356d422970a84b617e396e122345393 Mon Sep 17 00:00:00 2001
From: vasco <vasco@vascoalves.xyz>
Date: Tue, 2 Jun 2026 22:44:16 +0100
Subject: [PATCH] kys10

---
 conf/modsecurity.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/modsecurity.conf b/conf/modsecurity.conf
index f6adaac..674a4dd 100644
--- a/conf/modsecurity.conf
+++ b/conf/modsecurity.conf
@@ -16,11 +16,11 @@ SecRule REQUEST_URI|ARGS "<.*>" \
     "id:950003,phase:2,deny,status:403,msg:'XSS/HTML Injection Detected',log"
 
 # command injection
-SecRule REQUEST_URI|ARGS "(\"role\".*:.*\"admin\")|exec|cat|more|ls|dir|/etc/passwd" \
+SecRule ARGS "(\"role\".*:.*\"admin\")|exec|cat|more|ls|dir|/etc/passwd" \
     "id:950006,phase:2,deny,status:403,msg:'Command Injection Detected',log"
 
 # path traversal
-SecRule REQUEST_URI|ARGS "\%00|\%2500|(\./|\.\./)|ftp|metrics|api-docs" \
+SecRule REQUEST_URI|ARGS "\%00|\%2500|\.\./|ftp|metrics|api-docs" \
     "id:950007,phase:2,deny,status:403,msg:'Path traversal attempt',log"
 
 # exposed stuff (redundante ?)