Modsecurity parse nested keys in json

Modsecurity parse nested keys in json

I am writing an exception rule. I have the JSON:

{"pageNumber":0,"pageSize":100,"sorts":[{"field":"hex","direction":"ASC"}],"filters":[{"field":"admin","value":"TRANSPORT","operation":"EQ"}]}

In it, you need to find the fields value in the sorts array. And if it matches, for example, the word hex, add it to the exception. The rule works, for example, for the pageNumber key.

But it doesn't work for a nested key in an array.

Works: SecRule ARGS:json.pageNumber "@contains hex" \

I tried it like this:

SecRule ARGS:json.sorts.0.field "@contains hex" \

SecRule ARGS:json.sorts.field "@contains hex" \

SecRule ARGS:json:sorts.field "@contains hex" \

SecRule ARGS:json.sorts:0.field "@contains hex" \

But it didn't help.