mod-securitymod-security2

How do I use ModSecurity's transformation function to encode the request_body


I would like to encode a specific part of the RequestBody using ModSecurity phase 2. I believe using a transformation function could help but I don't know how to get it to just transform the value nested within a hash in the body.

The value of the "details" key in the messages hash to be encoded.

The request body contains a ruby hash

{
  "message": {
    "details": "there is an attack here"
  }
}

Is that possible in ModSecurity?


Solution

  • This is not possible as ModSecurity is not able to parse Ruby hash object. It would be possible with JSON or XML data though. Remember that encoded data are usable only within ModSecurity and will not reach your application.