Merge pull request #2657 from martinhsv/v2/master

Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
2025-09-30 03:34:29 +03:00 · 2021-12-22 10:16:00 -05:00
parent df4bffcdc8 60be05914c
commit 4fc4ba5c31
2 changed files with 7 additions and 0 deletions
--- a/2
+++ b/2
@@ -1,6 +1,8 @@
 DD mmm YYYY - 2.9.x (to be released)
 -------------------

+ * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
+   [Issue #2647 @theMiddleBlue, @airween, @877509395 ,@martinhsv]
 * IIS: Update dependencies for Windows build as of v2.9.5
   [@martinhsv]

--- a/modsecurity.conf-recommended
+++ b/modsecurity.conf-recommended
@@ -58,6 +58,11 @@ SecRequestBodyInMemoryLimit 131072
 #
 SecRequestBodyLimitAction Reject

+# Maximum parsing depth allowed for JSON objects. You want to keep this
+# value as low as practical.
+#
+SecRequestBodyJsonDepthLimit 512
+
 # Verify that we've correctly processed the request body.
 # As a rule of thumb, when failing to process a request body
 # you should reject the request (when deployed in blocking mode)