I am currently using Magento 2.4.7 with the latest version of OWASP CRS (v4.11.0) in detection-only mode using ModSecurity2. Despite my efforts to exclude certain rules and whitelist specific URLs, I am still experiencing IP blockages by CRS for certain cooling periods like 600 seconds.
Workaround:
I switched the SecEngine to Detection Only to avoid blocking, but this undermines the primary purpose of implementing CRS. Are there any existing modules or pre-customized rule sets specifically designed for Magento 2 that can help mitigate these issues, similar to the excluded rules available for WordPress? Alternatively, is there a recommended approach or resource for customizing CRS rules tailored to Magento 2.4, or should I do my own trial-and-error-based customisation of CRS w.r.t. Magento 2.4.7?
Are there rule exclusions and compatibility guidelines for Magento 2 like those available for WordPress and Drupal?
I am not interested in changing anomaly score thresholds or whitelisting certain IPs to overcome CRS errors, as I plan to enable SecEngine On for my production server.
Any guidance will be appreciated. Thanks in advance.