ModSecurity
ModSecurity copied to clipboard
Published
20 hours ago •
owasp-modsecurity
owasp-modsecurity
Enhancement: Improve log statement for SecArgumentsLimit issue instead of JSON parsing error
Describe the bug
I came accross the issue, when I was sending data as JSON string: Send a JSON string with a specific array length (>1000 items) leads to a http status code 400 including the message "JSON parsing error: parse error: client cancelled parse via callback return value". If less than that threshold, JSON string can be parsed.
ModSecurity for Apache/2.9.7 Apache/2.4.57 (Debian 12)
Logs and dumps
Error message in modsec_audit.log
Message: JSON parsing error: parse error: client cancelled parse via callback return value
Message: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "72"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: client cancelled parse via callback return value\x0a"] [severity "CRITICAL"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client XXXXX] ModSecurity: JSON parsing error: parse error: client cancelled parse via callback return value\\n [hostname "XXXXX"] [uri "XXXXX"] [unique_id "Ze6_ymoEZsb-foW2ptOCKwAAAAo"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client XXXXX] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "72"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: client cancelled parse via callback return value\\\\x0a"] [severity "CRITICAL"] [hostname "XXXXX"] [uri "XXXXX"] [unique_id "Ze6_ymoEZsb-foW2ptOCKwAAAAo"]
Action: Intercepted (phase 2)
Apache-Handler: proxy-server
Stopwatch: 1710145482393235 69656 (- - -)
Stopwatch2: 1710145482393235 69656; combined=801, p1=668, p2=10, p3=0, p4=0, p5=123, sr=132, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.5.
Server: Apache
Engine-Mode: "ENABLED"
To Reproduce
Contact resource taking a JSON string
curl -X PUT -v https://url/to/your/resource -H 'Content-Type: application/json' -d '[{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789},{"param1":123456789}]'
If you remove one list item {"param1":123456789} from the curl above the request works. So, instead of 1001 use 1000 items.
Expected behavior
The log statement should be more precise that SecArgumentsLimit (default 1000) is the problem and not stating a JSON parsing error. As in ModSecurity for Apache/2.9.7 SecArgumentsLimit is NOT in the modsecurity.conf by default, it's getting even more difficult. You have to add it manually.
Rule Set (please complete the following information): OWASP_CRS/3.3.5.
Additional context
The current message is misleading, at least it was to me. Especially, if your array does not contain one parameter per list item. In my case it was three parameters in one list item and the issue occurred at 334 list items. So, that is a strange number and you do not immediately combine it with the limit 1000 in SecArgumentsLimit. After longer testing I reduced it to one parameter per list item and found 1000 is the limit. After that I searched for the limit 1000 anywhere and found SecArguemtnsLimit.
A side note: same behavior on libmodsecurity3:
2024/03/11 18:39:54 [info] 30127#30127: *1 ModSecurity: Warning. Matched "Operator `Eq' with parameter `0' against variable `REQBODY_ERROR' (Value: `1' ) [file "/etc/nginx/modsecurity.conf"] [line "57"] [id "200002"] [rev ""] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: client cancelled parse via callback return value\x0a"] [severity "2"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "::1"] [uri "/"] [unique_id "171017879429.633491"] [ref "v125,1"], client: ::1, server: _, request: "PUT / HTTP/1.1", host: "localhost"
I also ran into this problem. Thanks to findgin this Github issue, I was able to fix that problem. A more specific error message would be appreciated.
What also confused me at first, was that the SecArgumentsLimit was not in the modsecurity.conf-recommended, (I use modsecurity-crs/stable,now 3.3.4-1 and libapache2-mod-security2/stable,now 2.9.7-1+b1 amd64). According PR https://github.com/owasp-modsecurity/ModSecurity/pull/2738 it seems, that the functionality is available in earlier versions than the change being included in its corresponding modsecurity.conf-recommended.
