Disabling JSON Requests in Modsec


This article applies to:

  • Mod Security

Question:

  • How do I disable JSON in ModSec?

Information:

To disable JSON, disable the rule that enables the JSON body processor. This rule is included in the recommended configuration file for ModSecurity.

SecRuleREQUEST_HEADERS:Content-Type "application/json""id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"

Use the SecRuleRemoveById 200001 directive to disable this rule.

For more information about how to apply the directive, see the related articles listed below.

Last Modified 9/28/2015.
https://support.trustwave.com/kb/KnowledgebaseArticle20396.aspx