24Eki
How to enable base64 decoding globally in modsecurity?
I am testing modsecurity with xss attacks equipped with latest OWASP CRS with only XSS rules enabled . I found base64decoding is not done and its one of the reason for bypasses . however,If I have to add transformation to each rule in xss to decode base64 it led to block 2 attacks . Is there anyway where I can apply this decoding globally instead of each rule ?