From 3366f707bffb3f3fa280ceeaaffb291921e65fc7 Mon Sep 17 00:00:00 2001 From: Martin Vierula Date: Wed, 11 May 2022 13:52:22 -0700 Subject: [PATCH] Add SecArgumentsLimit description --- Reference-Manual-(v3.x).mediawiki | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/Reference-Manual-(v3.x).mediawiki b/Reference-Manual-(v3.x).mediawiki index 233fec8..f449c43 100644 --- a/Reference-Manual-(v3.x).mediawiki +++ b/Reference-Manual-(v3.x).mediawiki @@ -189,6 +189,25 @@ This directive is commonly used to set variables and initialize persistent colle This directive is needed if a backend web application is using a nonstandard argument separator. Applications are sometimes (very rarely) written to use a semicolon separator. You should not change the default setting unless you establish that the application you are working with requires a different separator. If this directive is not set properly for each web application, then ModSecurity will not be able to parse the arguments appropriately and the effectiveness of the rule matching will be significantly decreased. +== SecArgumentsLimit == +'''Description:''' Configures the maximum number of ARGS that will be accepted for processing. + +'''Syntax:''' SecArgumentsLimit LIMIT + +'''Example Usage:''' SecArgumentsLimit 1000 + +'''Scope:''' Any + +'''Version:''' 3.0.5 + +'''Default:''' no limit + +When using this setting, it is recommended to accompany it with a rule that will test for that same integer value and deny the request if it is reached. E.g. +
+SecRule &ARGS "@ge 1000" "id:'200007', phase:2,t:none,log,deny,status:400,msg: ...
+
+Without such a matching rule, an attacker could potentially evade detection by placing the attack payload in a parameter occurring beyond the limit. + == SecAuditEngine == '''Description:''' Configures the audit logging engine.
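Review bot: The paragraph after '''Default:''' presents the companion rule as merely "recommended", while its closing sentence says that without the rule a payload placed in a parameter beyond the limit can evade detection. Lead with that consequence: say explicitly that arguments past LIMIT are not processed and that, as the text implies, the directive alone does not deny the request, so the deny rule is what makes the limit safe to use. The example rule also ends in "msg: ..." with no closing double quote, so it cannot be pasted as written. Give it a complete msg value and the closing quote, and add a sentence that the "@ge 1000" operand must be kept equal to the value passed to SecArgumentsLimit.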