github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-17 14:46:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended

Browse Source
This commit is contained in:
Martin Vierula 2021-12-21 06:30:28 -08:00
parent df4bffcdc8
commit 60be05914c
No known key found for this signature in database
GPG Key ID: F2FC4E45883BCBA4
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
DD mmm YYYY - 2.9.x (to be released) DD mmm YYYY - 2.9.x (to be released)
------------------- -------------------
* Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
[Issue #2647 @theMiddleBlue, @airween, @877509395 ,@martinhsv]
* IIS: Update dependencies for Windows build as of v2.9.5 * IIS: Update dependencies for Windows build as of v2.9.5
[@martinhsv] [@martinhsv]

5
modsecurity.conf-recommended
View File

@ -58,6 +58,11 @@ SecRequestBodyInMemoryLimit 131072
# #
SecRequestBodyLimitAction Reject SecRequestBodyLimitAction Reject
# Maximum parsing depth allowed for JSON objects. You want to keep this
# value as low as practical.
#
SecRequestBodyJsonDepthLimit 512
# Verify that we've correctly processed the request body. # Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body # As a rule of thumb, when failing to process a request body
# you should reject the request (when deployed in blocking mode) # you should reject the request (when deployed in blocking mode)