Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended

2025-08-13 13:26:01 +03:00 · 2021-12-21 06:18:53 -08:00 · 2021-12-21 06:18:53 -08:00 · 0275c8847b
commit 0275c8847b
parent 19d50f4da4
2 changed files with 7 additions and 0 deletions
--- a/2
+++ b/2
@ -1,6 +1,8 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------

+  - Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
+    [Issue #2647 @theMiddleBlue, @airween, @877509395 ,@martinhsv]


 v3.0.6 - 2021-Nov-19
--- a/modsecurity.conf-recommended
+++ b/modsecurity.conf-recommended
@ -52,6 +52,11 @@ SecRequestBodyNoFilesLimit 131072
 #
 SecRequestBodyLimitAction Reject

+# Maximum parsing depth allowed for JSON objects. You want to keep this
+# value as low as practical.
+#
+SecRequestBodyJsonDepthLimit 512
+
 # Verify that we've correctly processed the request body.
 # As a rule of thumb, when failing to process a request body
 # you should reject the request (when deployed in blocking mode)