Insecure Deserialization Prevention

Insecure Deserialization Prevention

Block requests that carry serialized objects at the web server and WAF layer, before they reach the application:

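# Apache deserialization protection
<Location /api>
    # Reject declared serialized content types at the Apache layer
    # (e.g. application/x-java-serialized-object). The "i" flag makes the
    # match case-insensitive; header values are not case-normalised.
    <If "%{CONTENT_TYPE} =~ m#(application|text)/.*serialized#i">
        Require all denied
    </If>

    # ModSecurity: the REQUEST_BODY rules below only see the body when body
    # access is on. Without this the phase:2 rules match against an empty
    # string and never fire.
    SecRequestBodyAccess On

    # REQUEST_BODY is populated only for application/x-www-form-urlencoded
    # unless it is forced; serialized payloads normally arrive as
    # application/octet-stream or a vendor type, so force it for body-bearing
    # methods. (id 3000 is a constructed value; pick a free id in your range.)
    SecRule REQUEST_METHOD "@rx ^(?:POST|PUT|PATCH)$" \
        "id:3000,\
        phase:1,\
        pass,\
        nolog,\
        ctl:forceRequestBodyVariable=On"

    # Block declared serialized content types. "deny,status:403" replaces
    # "block": "block" only denies when a SecDefaultAction for the same phase
    # specifies deny, and with the built-in default it merely passes.
    SecRule REQUEST_HEADERS:Content-Type "@rx (?i)(application|text)/.*serialized" \
        "id:3001,\
        phase:1,\
        deny,\
        status:403,\
        log,\
        msg:'Serialized Content Blocked',\
        severity:HIGH"

    # Block Java serialization signatures: the stream magic 0xACED0005 in raw
    # form, or its Base64 prefix rO0AB when the object is encoded into a
    # parameter. t:none keeps the raw bytes intact for the match.
    SecRule ARGS|REQUEST_BODY "@rx \xac\xed\x00\x05|rO0AB" \
        "id:3002,\
        phase:2,\
        t:none,\
        deny,\
        status:403,\
        log,\
        msg:'Java Serialization Detected',\
        severity:CRITICAL"

    # Block PHP serialization. The original ^ anchor only matched an object
    # at the very start of the body; an object embedded in a form field
    # (data=O:4:"User"...) was missed. \b matches at any token start, and C:
    # covers classes implementing the Serializable interface.
    SecRule ARGS|REQUEST_BODY "@rx \b[oOC]:\d+:\"" \
        "id:3003,\
        phase:2,\
        t:none,\
        deny,\
        status:403,\
        log,\
        msg:'PHP Serialization Detected',\
        severity:CRITICAL"
</Location>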