
ModSecurity should be able to analyse gRPC request body.

Open pandey-adarsh147 opened this issue 4 years ago • 5 comments

Expected behavior

ModSecurity should be able to analyse gRPC request body.

gRPC is a binary protocol; ModSecurity is not able to parse it and hence is not able to block simple injection.

pandey-adarsh147, Nov 22 '21 12:11

Hello @pandey-adarsh147,

It might be helpful if you were to describe this in some additional detail. What tangible functionality would need to be added to ModSecurity to allow it 'to analyse' such request bodies?

martinhsv, Dec 29 '21 17:12

We should have "ctl:requestBodyProcessor=gRPC" (and/or "ctl:requestBodyProcessor=protobuf") to trigger a parser understanding the protobuf binary payload transmitted via web sockets. Potential problem: I guess mod_security2 won't receive this binary payload that is managed by mod_proxy_wstunnel (for Apache) unless we hook something into it. I imagine the problem is similar for Nginx & IIS.

marcstern, Dec 30 '21 08:12
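What a protobuf-aware request body processor of the kind proposed in the comment above would need to do at minimum, as an added example (not ModSecurity code and not written by anyone in this thread): strip the gRPC length-prefixed framing, walk the protobuf wire format without a schema, and hand every length-delimited field to the rule engine as text. The names `varint`, `walk`, `grpc_extract` and `SAMPLE` are hypothetical, and the sketch assumes uncompressed messages.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Protobuf base-128 varint: returns bytes consumed, 0 if truncated or overlong. */
static size_t varint(const uint8_t *p, size_t n, uint64_t *v) {
    *v = 0;
    for (size_t i = 0; i < n && i < 10; i++) {
        *v |= (uint64_t)(p[i] & 0x7f) << (7 * i);
        if (!(p[i] & 0x80)) return i + 1;
    }
    return 0;
}
/* Schema-less walk: append each length-delimited field to out, newline-terminated; -1 if malformed. */
static int walk(const uint8_t *p, size_t n, char *out, size_t cap, size_t *used) {
    size_t pos = 0, k; uint64_t key, len = 0; int count = 0;
    while (pos < n) {
        if (!(k = varint(p + pos, n - pos, &key))) return -1;
        pos += k; key &= 7;                                    /* keep the wire type */
        if (key == 0 || key == 2) k = varint(p + pos, n - pos, &len); /* value / length */
        else k = key == 1 ? 8 : key == 5 ? 4 : 0;   /* fixed64, fixed32; 0 = groups, reserved */
        if (!k || (pos += k) > n) return -1;                   /* truncated or unsupported */
        if (key != 2) continue;                                /* scalar: nothing to scan */
        if (len > n - pos || len + 2 > cap - *used) return -1; /* overrun / out full */
        memcpy(out + *used, p + pos, (size_t)len);
        *used += (size_t)len; out[(*used)++] = '\n'; out[*used] = '\0';
        pos += (size_t)len; count++;
    }
    return count;
}
/* gRPC body: repeated [1-byte compressed flag][4-byte big-endian length][message]. */
int grpc_extract(const uint8_t *b, size_t n, char *out, size_t cap) {
    size_t pos = 0, used = 0, len; int total = 0, c;
    if (cap) out[0] = '\0';
    while (pos < n) {
        if (n - pos < 5 || b[pos] > 1) return -1;              /* malformed framing */
        if (b[pos] == 1) return -2;                            /* compressed: cannot inspect as-is */
        len = (size_t)b[pos+1] << 24 | (size_t)b[pos+2] << 16 | (size_t)b[pos+3] << 8 | b[pos+4];
        if (len > n - pos - 5 || (c = walk(b + pos + 5, len, out, cap, &used)) < 0) return -1;
        total += c; pos += 5 + len;
    }
    return total;                                              /* number of fields extracted */
}
static const uint8_t SAMPLE[] = { 0, 0, 0, 0, 16, /* constructed: 1 frame, {1: "1' OR '1'='1", 2: 7} */
    0x0a, 12, '1','\'',' ','O','R',' ','\'','1','\'','=','\'','1', 0x10, 7 };
int main(void) {
    char out[64];
    return printf("%d\n%s", grpc_extract(SAMPLE, sizeof SAMPLE, out, sizeof out), out) < 0;
}
```

Without the `.proto` schema, strings, bytes and nested messages all share wire type 2, so a nested message is emitted here as one raw blob rather than being descended into.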

Is there any progress on this?

themayursinha, Mar 13 '22 22:03

@themayursinha,

No. This item is not on the priority list.

martinhsv, Mar 14 '22 13:03