From d12959e18fccaf12708897baced782b9a63622fa Mon Sep 17 00:00:00 2001
From: yaoguangzhong <yaoguangzhong@xfusion.com>
Date: Sat, 7 Jan 2023 11:05:51 +0800
Subject: [PATCH] Add SecRequestBodyJsonDepthLimit to
 modsecurity.conf-recommended

From Author: Martin Vierula <martin.vierula@trustwave.com>
---
 modsecurity.conf-recommended | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended
index f357d95..c84ddce 100644
--- a/modsecurity.conf-recommended
+++ b/modsecurity.conf-recommended
@@ -58,6 +58,11 @@ SecRequestBodyInMemoryLimit 131072
 #
 SecRequestBodyLimitAction Reject
 
+# Maximum parsing depth allowed for JSON objects. You want to keep this
+# value as low as practical.
+#
+SecRequestBodyJsonDepthLimit 512
+
 # Verify that we've correctly processed the request body.
 # As a rule of thumb, when failing to process a request body
 # you should reject the request (when deployed in blocking mode)
-- 
2.27.0