Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended

2025-08-15 23:55:03 +03:00 · 2021-12-21 06:30:28 -08:00 · 2021-12-21 06:30:28 -08:00 · 60be05914c
commit 60be05914c
parent df4bffcdc8
2 changed files with 7 additions and 0 deletions
--- a/2
+++ b/2
@ -1,6 +1,8 @@
 DD mmm YYYY - 2.9.x (to be released)
 -------------------

+ * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
+   [Issue #2647 @theMiddleBlue, @airween, @877509395 ,@martinhsv]
 * IIS: Update dependencies for Windows build as of v2.9.5
   [@martinhsv]

--- a/modsecurity.conf-recommended
+++ b/modsecurity.conf-recommended
@ -58,6 +58,11 @@ SecRequestBodyInMemoryLimit 131072
 #
 SecRequestBodyLimitAction Reject

+# Maximum parsing depth allowed for JSON objects. You want to keep this
+# value as low as practical.
+#
+SecRequestBodyJsonDepthLimit 512
+
 # Verify that we've correctly processed the request body.
 # As a rule of thumb, when failing to process a request body
 # you should reject the request (when deployed in blocking mode)