[#1762] Add configurable limit for SecRequestBodyNoFilesLimit in ModS…

…ecurity
bunkerity · Dec 31, 2024 · 0fd01af · 0fd01af
1 parent 5155a20
commit 0fd01af
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@
 - [FEATURE] Add health check endpoint and integrate it into the scheduler for instance status monitoring
 - [FEATURE] Add country tracking to bans data
 - [FEATURE] Refactored the way the database migrations are handled to make it more reliable and faster using alembic
+- [FEATURE] Add configurable limit for SecRequestBodyNoFilesLimit in ModSecurity via the `MODSECURITY_REQ_BODY_NO_FILES_LIMIT` setting
 - [DEPRECATION] Remove `X-XSS-Protection` header from the `header` plugin as it is deprecated
 - [DEPS] Updated coreruleset-v4 version to v4.10.0
 

diff --git a/src/common/core/modsecurity/confs/server-http/modsecurity-rules.conf.modsec b/src/common/core/modsecurity/confs/server-http/modsecurity-rules.conf.modsec
@@ -34,7 +34,7 @@ SecRequestBodyLimit 13107200
 {% endif %}
 
 # Maximum data size for requests without files
-SecRequestBodyNoFilesLimit 131072
+SecRequestBodyNoFilesLimit {{ MODSECURITY_REQ_BODY_NO_FILES_LIMIT }}
 
 # Reject requests if bigger than max data size
 SecRequestBodyLimitAction Reject

diff --git a/src/common/core/modsecurity/plugin.json b/src/common/core/modsecurity/plugin.json
@@ -79,6 +79,15 @@
       "label": "SecAuditLogParts",
       "regex": "^A(([B-K])(?!.*\\2))+Z$",
       "type": "text"
+    },
+    "MODSECURITY_REQ_BODY_NO_FILES_LIMIT": {
+      "context": "multisite",
+      "default": "131072",
+      "help": "SecRequestBodyNoFilesLimit directive of ModSecurity.",
+      "id": "modsecurity-req-body-no-files-limit",
+      "label": "SecRequestBodyNoFilesLimit",
+      "regex": "^[0-9]+$",
+      "type": "text"
     }
   },
   "jobs": [