Merge pull request #2657 from martinhsv/v2/master

Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended

Author: martinhsv

CHANGES

@@ -1,6 +1,8 @@
 DD mmm YYYY - 2.9.x (to be released)
 -------------------
 
+ * Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
+   [Issue #2647 @theMiddleBlue, @airween, @877509395 ,@martinhsv]
  * IIS: Update dependencies for Windows build as of v2.9.5
    [@martinhsv]
 

modsecurity.conf-recommended

@@ -58,6 +58,11 @@ SecRequestBodyInMemoryLimit 131072
 #
 SecRequestBodyLimitAction Reject
 
+# Maximum parsing depth allowed for JSON objects. You want to keep this
+# value as low as practical.
+#
+SecRequestBodyJsonDepthLimit 512
+
 # Verify that we've correctly processed the request body.
 # As a rule of thumb, when failing to process a request body
 # you should reject the request (when deployed in blocking mode)