Support configurable limit on number of arguments processed by martinhsv · Pull Request #2844 · owasp-modsecurity/ModSecurity (original) (raw)

This is the ModSecurity v2 implementation of the SecArgumentsLimit configuration item, which was previously implemented in ModSecurity v3.

The limit is configurable via the new directive but there is a software default of 1000.

Exceeding the limit will set REQBODY_ERROR and additional arguments beyond the limit will not be included. With JSON body processing there is an additional short-circuit to halt parsing once the limit is breached.