Re: [mod-security-users] SecArgumentsLimit Equivalent for XML Processing

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hey Srikanth,

I'm not familia with SecArgumentsLimit. Is it a v3 directive?

What do you want it to do exactly with your XML payload?

Best,

Christian Folini

On Thu, Dec 23, 2021 at 04:43:56PM +0000, Srikanth Arunachalam via mod-security-users wrote:
> Hi
> 
> We have a not very large XML payload (3mb) with tags including
> multiple entries separated with comma.
> 
>     When I remove the comma separation the WAF process takes about 14sec to
> complete.
> When I include the comma separation lists in XML tag, it complex in 29
> seconds.
> 
> Had this been a json payload, I would have used SecArgumentsLimit. It has
> not been effective in XML.
> 
> Any sooner suggestion/response would be appreciated.
> 
> Kind Regards
> Srikanth Arunachalam

> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/