diff --git a/docs/v3.x/concepts/middlewares.md b/docs/v3.x/concepts/middlewares.md
index 8067049f99..2fe6f0ae80 100644
--- a/docs/v3.x/concepts/middlewares.md
+++ b/docs/v3.x/concepts/middlewares.md
@@ -170,6 +170,9 @@ The following middlewares cannot be disabled: responses, router, logger and boom
 - `multipart` (boolean): Enable or disable multipart bodies parsing. Default value: `true`.
 - `jsonLimit` (string|integer): The byte (if integer) limit of the JSON body. Default value: `1mb`.
 - `formLimit` (string|integer): The byte (if integer) limit of the form body. Default value: `56k`.
+ - `queryStringParser` (see [qs](https://github.com/ljharb/qs) for a full list of options).
+ - `arrayLimit` (integer): the maximum length of an array in the query string. Any array members with an index of greater than the limit will instead be converted to an object with the index as the key. Default value: `100`.
+ - `depth` (integer): maximum parsing depth of nested query string objects. Default value: `20`.
 ::: tip
 The session doesn't work with `mongo` as a client. The package that we should use is broken for now.
diff --git a/packages/strapi/lib/middlewares/parser/defaults.json b/packages/strapi/lib/middlewares/parser/defaults.json
index 5ba1b76c99..367e1f0fc5 100644
--- a/packages/strapi/lib/middlewares/parser/defaults.json
+++ b/packages/strapi/lib/middlewares/parser/defaults.json
@@ -1,6 +1,10 @@
 {
 "parser": {
 "enabled": true,
- "multipart": true
+ "multipart": true,
+ "queryStringParser": {
+ "arrayLimit": 100,
+ "depth": 20
+ }
 }
 }
diff --git a/packages/strapi/lib/middlewares/parser/index.js b/packages/strapi/lib/middlewares/parser/index.js
index 7f5c03a4bf..8ab706e5c8 100644
--- a/packages/strapi/lib/middlewares/parser/index.js
+++ b/packages/strapi/lib/middlewares/parser/index.js
@@ -2,11 +2,12 @@
 const body = require('koa-body');
 const qs = require('qs');
+const { omit } = require('lodash');
 /**
 * Body parser hook
 */
-const addQsParser = app => {
+const addQsParser = (app, settings) => {
 Object.defineProperty(app.request, 'query', {
 configurable: false,
 enumerable: true,
@@ -16,7 +17,7 @@ const addQsParser = app => {
 get() {
 const qstr = this.querystring;
 const cache = (this._querycache = this._querycache || {});
- return cache[qstr] || (cache[qstr] = qs.parse(qstr, { depth: 20 }));
+ return cache[qstr] || (cache[qstr] = qs.parse(qstr, settings));
 },
 /*
@@ -40,14 +41,13 @@ module.exports = strapi => {
 // disable for graphql
 // TODO: find a better way later
 if (ctx.url === '/graphql') return next();
-
 return body({
 patchKoa: true,
- ...strapi.config.middleware.settings.parser,
+ ...omit(strapi.config.middleware.settings.parser, 'queryStringParser'),
 })(ctx, next);
 });
- addQsParser(strapi.app);
+ addQsParser(strapi.app, strapi.config.get('middleware.settings.parser.queryStringParser'));
 },
 };
 };
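Review bot: `addQsParser` now takes `settings` with no fallback, so the `depth: 20` that was hard-coded in the getter (second hunk) only survives if `middleware.settings.parser.queryStringParser` resolves to an object. If that key is ever missing from the resolved configuration, which cannot be confirmed from this diff, `qs.parse(qstr, undefined)` falls back to the qs library defaults (depth 5, arrayLimit 20) and nested query parameters would parse differently than before. Merging over explicit defaults at the call site keeps the old behaviour: `qs.parse(qstr, { depth: 20, arrayLimit: 100, ...settings })`. The `/** Body parser hook */` block directly above the function should also be reworded to describe `addQsParser` itself and gain `@param {object} settings - options forwarded to qs.parse`.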
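Review bot: The whole `settings` object is forwarded to `qs.parse` without validation, so every qs option becomes configuration-controlled rather than just the two documented ones, including `allowPrototypes` and `parameterLimit`, and a non-integer or very large `depth` or `arrayLimit` is accepted as is. These values bound how much nesting and allocation a request's query string can cause, so the call deserves a comment such as `// limits apply to untrusted query strings; raise depth/arrayLimit with care`. If only the documented keys are meant to be tunable, `qs.parse(qstr, pick(settings, ['arrayLimit', 'depth']))` would make that explicit. The getter and the surrounding `Object.defineProperty` call start and end outside this hunk.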
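Review bot: `omit(strapi.config.middleware.settings.parser, 'queryStringParser')` sits inside the request handler, so the options object is rebuilt on every request, while the query-string settings are read only once for `addQsParser`. Unless the parser settings are expected to change at runtime, compute it once before the middleware is registered, e.g. `const bodyOptions = omit(strapi.config.middleware.settings.parser, 'queryStringParser');`, and spread `bodyOptions` into the `body({ ... })` call. The two reads also use different access styles (`strapi.config.middleware.settings.parser` and `strapi.config.get('middleware.settings.parser.queryStringParser')`); using one form would make it clearer that they refer to the same config tree. The enclosing initializer starts outside this hunk.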