Use requestBodyProcessor after base64Decode


ModSecurity allows us to use different request body processors (e.g. for XML or JSON). My question is, is it possible to first decode a body that holds a base64 encoded string

eyJuYW1lIjoiSm9obiIsICJhZ2UiOjI1fQ==

which translates to

{"name":"John", "age":25}

and after that use requestBodyProcessor=JSON?

I tried different rules with transformations and so on, but couldn't get it to work.

azurit On BEST ANSWER

Unfortunately, this isn't possible, because:

  • body processor needs to be activated in phase 1; this cannot be done in any later phase
  • REQUEST_BODY variable is populated at the start of phase 2 so it's not accessible in phase 1

There IS a way to achieve what you need, but it's a little complex and not backward compatible with existing rules using parsed JSON data. You can do this:

  • disable the JSON body processor
  • create a new rule which runs at the beginning of phase 2 (before all other rules) and which runs a Lua script
  • create a Lua script which first decodes base64 data from REQUEST_BODY, then runs a JSON parser on it and finally exposes the parsed data via some variable in the TX collection
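
A sketch of the Lua script the steps above describe, added here as an example and not part of the original answer. It assumes lua-cjson is installed and that REQUEST_BODY is populated for the request; the rule id, script path, `tx.b64json` variable names and the depth limit are hypothetical choices.

```lua
-- Load from a rule placed before the other phase 2 rules (id and path are placeholders):
--   SecRuleScript /path/to/b64json.lua "id:1000,phase:2,deny,status:400,log"
local cjson = require("cjson.safe")  -- assumption: lua-cjson; .safe returns nil on error
local ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
local MAX_DEPTH = 8  -- assumption: nesting limit for the decoded document

-- Strict base64 decode; returns nil on malformed input instead of guessing.
local function b64decode(s)
  s = s:gsub("%s+", "")
  if #s == 0 or #s % 4 ~= 0 or not s:match("^[A-Za-z0-9+/]*=?=?$") then return nil end
  local out = {}
  for i = 1, #s, 4 do
    local n, pad = 0, 0
    for j = i, i + 3 do
      local c = s:sub(j, j)
      if c == "=" then pad = pad + 1; n = n * 64
      else n = n * 64 + ALPHABET:find(c, 1, true) - 1 end
    end
    local bytes = string.char(math.floor(n / 65536) % 256, math.floor(n / 256) % 256, n % 256)
    out[#out + 1] = bytes:sub(1, 3 - pad)
  end
  return table.concat(out)
end

-- Flatten into TX: {"user":{"name":"x"}} becomes tx.b64json_user_name = "x".
-- Keys are attacker-controlled, so every non-alphanumeric character is replaced.
local function expose(name, value, depth)
  if depth > MAX_DEPTH then return false end
  if type(value) ~= "table" then
    m.setvar(name, value == cjson.null and "" or tostring(value))
    return true
  end
  for k, v in pairs(value) do
    local key = tostring(k):gsub("[^%w]", "_")
    if not expose(name .. "_" .. key, v, depth + 1) then return false end
  end
  return true
end

function main()
  local body = m.getvar("REQUEST_BODY", "none")
  if body == nil or body == "" then return nil end            -- no body to inspect
  local raw = b64decode(body)
  if raw == nil then return "request body is not valid base64" end
  local doc = cjson.decode(raw)
  if doc == nil then return "decoded body is not valid JSON" end
  m.setvar("tx.b64json_raw", raw)                              -- decoded text for later rules
  if not expose("tx.b64json", doc, 1) then return "decoded JSON nested too deeply" end
  return nil                                                   -- no match: later rules run
end
```

Returning a string makes the rule match, so a body that fails to decode is denied rather than passed through uninspected. Later phase 2 rules have to target TX:b64json_raw or TX:/^b64json_/ instead of the variables the JSON body processor would have filled, which is the backward-compatibility cost the answer mentions.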