some question regardin modsecurity

[Raxiel1987]

i'm running multiple sites based on joomla with npm plus ( before was the npm standard)
i upgraded to npm plus 2 weeks ago ( i already posted some issues)
now i have a couple of question regarding modsecurity and some adjustemd i had to do in the modsecurity-default.config to let my websites working ( at least to modify in the backend)

• i had to edit the lines (adding some 0 at end):
  SecRequestBodyLimit 1310720000000
  SecRequestBodyNoFilesLimit 1310720000000
  SecArgumentsLimit 1000000
  SecRule &ARGS "@ge 1000000" \

if the lines was at default i can't edit in the backend of my websites

[file "/data/etc/modsecurity/modsecurity-default.conf"] [line "67"] [id "200007"] [rev ""] [msg "Failed to fully parse request body due to large argument count"] [data ""] [severity "2"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "10.1.1.245"] [uri "/administrator/index.php"] [unique_id "172296146270.157715"]

this is the error i get

so the question is.. modify the lines can harm the security ?

[Zoey2936]

it could make a lot cpu usage, if it needs to parse big files

[Raxiel1987]

ok good.. so not really a security problem :D
i have such a big server so no problem to it ( it happens only when i build a websites/modify)

i was wondering.. if i update the docker container with new version of npm plus the file will be replaced or the config file stay how i modified?

[Zoey2936]

it will only change the example file

[Raxiel1987]

ok good :D

[Raxiel1987]

with this edits of modsecurity config i'm happy to tell you that i can reenable crowdsec (as i said in another discussion i had to disable it)
now it seems to work good no more ban from my websites :D