Merge pull request #2656 from martinhsv/v3/master

martinhsv · web-flow · commit c072ac29eb90 · 2021-12-22T10:54:24.000-05:00
Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
diff --git a/CHANGES b/CHANGES
@@ -1,6 +1,8 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+  - Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
+    [Issue #2647 @theMiddleBlue, @airween, @877509395 ,@martinhsv]
 
 
 v3.0.6 - 2021-Nov-19
diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended
@@ -52,6 +52,11 @@ SecRequestBodyNoFilesLimit 131072
 #
 SecRequestBodyLimitAction Reject
 
+# Maximum parsing depth allowed for JSON objects. You want to keep this
+# value as low as practical.
+#
+SecRequestBodyJsonDepthLimit 512
+
 # Verify that we've correctly processed the request body.
 # As a rule of thumb, when failing to process a request body
 # you should reject the request (when deployed in blocking mode)
