librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Merge pull request #313 from TheophileDiot/Feature-max-client-size-edit-modsec 

Variable MAX_CLIENT_SIZE change the SecRequestBodyLimit value
This commit is contained in:
Florian Pitance 2022-10-05 15:56:06 +02:00 committed by GitHub
parent 873ccad9b2 5fdcc9e583
commit 01cecf14e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
core/modsecurity/confs/server-http/modsecurity-rules.conf.modsec
View File

@ -13,7 +13,17 @@ SecRule REQUEST_HEADERS:Content-Type "application/json" \
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# maximum data size
{% if MAX_CLIENT_SIZE.endswith("k") or MAX_CLIENT_SIZE.endswith("K") %}
SecRequestBodyLimit {{ MAX_CLIENT_SIZE[:-1] | int * 1024 }}
{% elif MAX_CLIENT_SIZE.endswith("m") or MAX_CLIENT_SIZE.endswith("M") %}
SecRequestBodyLimit {{ MAX_CLIENT_SIZE[:-1] | int * 1024 * 1024 }}
{% elif MAX_CLIENT_SIZE.endswith("g") or MAX_CLIENT_SIZE.endswith("G") %}
SecRequestBodyLimit {{ MAX_CLIENT_SIZE[:-1] | int * 1024 * 1024 * 1024 }}
{% elif MAX_CLIENT_SIZE.isdigit() %}
SecRequestBodyLimit {{ MAX_CLIENT_SIZE }}
{% else %}
SecRequestBodyLimit 13107200
{% endif %}
SecRequestBodyNoFilesLimit 131072
# reject requests if bigger than max data size