This was done during the 4th CRS / ModSecurity Meetup in Bern (participants: @franbuehler, @theseion, @ZuGao, @srueg, @dune73 and Roger and Marc).
The fix is done on the fact that the base64 string is only useful as an exploit within inline encoding of payloads via base64 and that always starts with ;base64. We have thus put a semicolon in front.
See for example: https://www.bigfastblog.com/embed-base64-encoded-images-inline-in-html
Then we rearranged the slightly odd regex with the help of a new regexp-assemble data file.
This fixes #1582.
This was done during the 4th CRS / ModSecurity Meetup in Bern (participants: @franbuehler, @theseion, @ZuGao, @srueg, @dune73 and Roger and Marc).
The fix is done on the fact that the base64 string is only useful as an exploit within inline encoding of payloads via base64 and that always starts with
;base64
. We have thus put a semicolon in front. See for example: https://www.bigfastblog.com/embed-base64-encoded-images-inline-in-htmlThen we rearranged the slightly odd regex with the help of a new regexp-assemble data file.