mod-security mod-security2

Use requestBodyProcessor after base64Decode


ModSecurity allows us to use different request body processors (e.g. for XML or JSON). My question is, is it possible to first decode a body that holds a base64 encoded string

eyJuYW1lIjoiSm9obiIsICJhZ2UiOjI1fQ==

which translates to

{"name":"John", "age":25}

and after that use requestBodyProcessor=JSON?

I tried different rules with transformations and so on, but couldn't get it to work.


Solution

  • Unfortunately, this isn't possible, because:

    • the body processor needs to be activated in phase 1; this cannot be done in any later phase
    • the REQUEST_BODY variable is populated at the start of phase 2, so it's not accessible in phase 1

    There IS a way to achieve what you need, but it's a little complex and not backward compatible with existing rules using parsed JSON data. You can do this:

    • disable the JSON body processor
    • create a new rule which runs at the beginning of phase 2 (before all other rules) and which runs a Lua script
    • create a Lua script which first decodes base64 data from REQUEST_BODY, then runs a JSON parser on it and finally exposes the parsed data via some variable in the TX collection
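
One way to write the Lua script the answer describes, as an added example that is not part of the original answer. It assumes ModSecurity 2.x built with Lua support and the lua-cjson module; the file path, rule id, the `b64json_` TX prefix and the depth limit are assumptions.

```lua
-- decode_b64_json.lua: added example; path, rule id and TX prefix are assumptions.
-- Run it first in phase 2, before the rules that inspect the data:
--   SecRuleScript /etc/modsecurity/decode_b64_json.lua \
--     "id:1000,phase:2,deny,status:400,log,msg:'Body is not base64 JSON'"
-- With no body processor active, REQUEST_BODY is only populated if a
-- phase 1 rule sets ctl:forceRequestBodyVariable=On.
-- Later rules can target the decoded values with TX:/^b64json_/.
local cjson = require("cjson.safe")  -- assumption: lua-cjson is installed
local MAX_DEPTH = 8                  -- constructed limit on nesting

-- Flatten the parsed document into tx.b64json_<path> variables.
local function expose(prefix, value, depth)
    if depth > MAX_DEPTH then
        return false
    end
    if type(value) == "table" then
        for k, v in pairs(value) do
            local key = tostring(k):gsub("[^%w]", "_")
            if not expose(prefix .. "_" .. key, v, depth + 1) then
                return false
            end
        end
        return true
    end
    if value == cjson.null then
        value = ""
    end
    m.setvar("tx." .. prefix, tostring(value))
    return true
end

-- ModSecurity calls main(); a returned string counts as a rule match.
function main()
    -- ModSecurity applies base64Decode before handing the value to Lua.
    local raw = m.getvar("REQUEST_BODY", "base64Decode")
    if raw == nil or raw == "" then
        return nil                   -- no body, nothing to expose
    end
    local data = cjson.decode(raw)
    if type(data) ~= "table" then
        return "request body is not base64-encoded JSON"
    end
    if not expose("b64json", data, 0) then
        return "decoded JSON is nested deeper than MAX_DEPTH"
    end
    return nil                       -- no match, later rules see TX vars
end
```

For the body in the question, the script sets `tx.b64json_name` to `John` and `tx.b64json_age` to the age value. A body that does not decode to a JSON object or array makes the rule match, so the `deny` action rejects it instead of letting it bypass inspection.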