We need to modify this rule but I am thinking we should actually leave this intact and create a custom rule so we're upgrade-safe.  Anyone have an opinion on this?

Rule Triggered
# Maximum number of arguments in request limited
SecRule &ARGS "@gt 255" "phase:2,t:none,deny,log,auditlog,status:403,msg:'Too many arguments in request',id:'960335',severity:'4'"

Error Message

--86e3546e-H--
Message: Access denied with code 403 (phase 2). Operator GT matched 255 at ARGS. [file "/usr/local/apache2/conf/modsecurity/modsecurity_crs_23_request_limits.conf"] [line "28"] [id "960335"] [msg "Too many arguments in request"] [severity "WARNING"]
Action: Intercepted (phase 2)
Apache-Handler: jakarta-servlet
Stopwatch: 1225473611559565 139104 (2962* 22628 -)
Producer: ModSecurity for Apache/2.5.6 (http://www.modsecurity.org/); core ruleset/1.6.1.
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.15