Updated Reference Manual (v2.x) (mediawiki)

2026-01-16 08:27:10 +03:00 · 2021-11-24 13:32:04 -05:00
parent 7474efb355
commit b402932821
1 changed files with 17 additions and 0 deletions
--- a/Reference-Manual-(v2.x).mediawiki
+++ b/Reference-Manual-(v2.x).mediawiki
@@ -1237,6 +1237,23 @@ When a multipart/form-data request is being processed, once the in-memory limit

 ; Note : libModSecurity is able to deal with request body in a file or in a buffer (chunked or not). Web servers have properties which controls whenever a request should be saved to a file or used as a buffer (e.g. client_body_buffer_size [https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size]) . If it is a file, ModSecurity will use the file to perform the inspection. If not, the buffer will be used.

+== SecRequestBodyJsonDepthLimit ==
+'''Description:''' Configures the maximum parsing depth that allowed when parsing a JSON object.
+
+'''Syntax:''' <code>SecRequestBodyJsonDepthLimit LIMIT </code>
+
+'''Example Usage:''' <code>SecRequestBodyJsonDepthLimit 5000 </code>
+
+'''Scope:''' Any 
+
+'''Version:''' 2.9.5- , 3.0.6-
+
+'''Supported on libModSecurity:''' Yes - as of 3.0.6
+
+'''Default:''' 10000 
+
+During parsing of a JSON object, if nesting exceeds the configured depth limit then parsing will halt and REQBODY_ERROR will be set.
+
 == SecRequestBodyLimit ==
 '''Description:''' Configures the maximum request body size ModSecurity will accept for buffering.