Nginx+libmodsecurity and work with gzip #251
Description
Hello. I use Nginx 1.20.1 + libmodsecurity-3.0.4-4.el8 as reverse proxy. When we receive request with Content-Encoding: gzip and Content-Type: application/json - activate rule from default modsecurity.conf:
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
As I understand - we recieve data with gzip as binary content, then it send to modsecurity in binary fromat and json parser give error because data is not valid json.
I think, this is actually true for xml and any another data with compression.Is there way to work with compressed data with Modsecurity or workaround? I understand, that i can disable rule for analyze json and xml - but it's bad way, thats affect level of security.