github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add SecArgumentsLimit to modsecurity.conf-recommended

Browse Source
This commit is contained in:
Martin Vierula 2022-05-04 11:40:32 -07:00
parent 0b6bd39a52
commit 7b696d8c57
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modsecurity.conf-recommended
View File

@ -57,6 +57,16 @@ SecRequestBodyLimitAction Reject
# #
SecRequestBodyJsonDepthLimit 512 SecRequestBodyJsonDepthLimit 512
# Maximum number of args allowed per request. You want to keep this
# value as low as practical. The value should match that in rule 200007.
SecArgumentsLimit 1000
# If SecArgumentsLimit has been set, you probably want to reject any
# request body that has only been partly parsed. The value used in this
# rule should match what was used with SecArgumentsLimit
SecRule &ARGS "@ge 1000" \
"id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2"
# Verify that we've correctly processed the request body. # Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body # As a rule of thumb, when failing to process a request body
# you should reject the request (when deployed in blocking mode) # you should reject the request (when deployed in blocking mode)