From 80b2e6bc4b320681db90799e7effa325eabc4f26 Mon Sep 17 00:00:00 2001
From: ivanr
Date: Fri, 27 Jul 2007 12:38:54 +0000
Subject: [PATCH] Emphasize the need to check REQBODY_PROCESSOR_ERROR in configuration example.
---
 modsecurity.conf-minimal | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/modsecurity.conf-minimal b/modsecurity.conf-minimal
index 079820e3..42eca4a3 100644
--- a/modsecurity.conf-minimal
+++ b/modsecurity.conf-minimal
@@ -30,3 +30,11 @@ SecRequestBodyInMemoryLimit 131072
 # Buffer response bodies of up to
 # 512 KB in length
 SecResponseBodyLimit 524288
+
+# Verify that we've correctly processed the request body.
+# As a rule of thumb, when failing to process a request body
+# you should reject the request when deployed in blocking mode
+# or log a high-severity alert when deployed in detection-only mode.
+SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
+"phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"
+
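Review bot: The action list of the added `SecRule REQBODY_PROCESSOR_ERROR` uses `deny` with no explicit `status:` and logs only a fixed `msg`, so the response code comes from whatever default action is inherited and the alert does not say why parsing failed. A body the parser could not process is also a body the later inspection rules could not see, so the alert should be self-explanatory for triage. Consider `"phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{REQBODY_PROCESSOR_ERROR_MSG}',severity:2"`, provided the targeted ModSecurity version supports `logdata` and that variable. The comment could also note that the rule only has an effect when request body access is enabled, which this hunk does not show.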