Merge pull request #294 from Kuppit/main

fzipi · web-flow · commit 1ef072c69190 · 2024-10-09T13:30:46.000-03:00
fix: use MODSEC_ARGUMENTS_LIMIT in SecRule for argument count limit
diff --git a/src/etc/modsecurity.d/modsecurity.conf b/src/etc/modsecurity.d/modsecurity.conf
@@ -43,7 +43,7 @@ SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \
     "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
 SecRule REQUEST_HEADERS:Content-Type "^application/json" \
     "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
-SecRule &ARGS "@ge 1000" \
+SecRule &ARGS "@ge ${MODSEC_ARGUMENTS_LIMIT}" \
     "id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2"
 SecRule REQBODY_ERROR "!@eq 0" \
     "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
