Emphasize the need to check REQBODY_PROCESSOR_ERROR in configuration example.

2025-08-13 21:36:00 +03:00 · 2007-07-27 12:38:54 +00:00 · 2007-07-27 12:38:54 +00:00 · 3facacf92a
commit 3facacf92a
parent 73706c8bc6
1 changed files with 8 additions and 0 deletions
--- a/modsecurity.conf-minimal
+++ b/modsecurity.conf-minimal
@ -30,3 +30,11 @@ SecRequestBodyInMemoryLimit 131072
 # Buffer response bodies of up to
 # 512 KB in length
 SecResponseBodyLimit 524288
+
+# Verify that we've correctly processed the request body.
+# As a rule of thumb, when failing to process a request body
+# you should reject the request (when deployed in blocking mode)
+# or log a high-severity alert (when deployed in detection-only mode).
+SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
+"phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"
+