[Owasp-modsecurity-core-rule-set] Bug in CRS 2.2.2 rule 960335?

[Ty]

Hello,

I'm running into what I think are false positives for rule 960335 in CRS
2.2.2.  I see blocked requests with "Operator GT matched 512 at ARGS:xxx"
when there are clearly less than 512 parameters being sent.

Should the "SecRule ARGS" rule be replaced with "SecRule &ARGS", like the
below?

Thanks,
Ty

# Maximum number of arguments in request limited
SecRule &TX:MAX_NUM_ARGS "@eq 1" "chain,phase:2,t:none,block,msg:'Too many
arguments in request',id:'960335',severity:'4',rev:'2.2.2'"
    SecRule &ARGS "@gt %{tx.max_num_args}"
"t:none,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.policy_score=+%{tx.notice_anomaly_score},setvar:tx.%{
rule.id}-POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20110907/2295f8b4/attachment.html