ModSecurity should able to analyse gRPC request body.

[pandey-adarsh147]

Expected behavior

ModSecurity should able to analyse gRPC request body.

gRPC is binary protocol, ModSecurity is not able to parse it and hence, not able to block simple injection.

[martinhsv]

Hello @pandey-adarsh147 ,

It might be helpful if you were describe this in some additional detail. What tangible functionality would need to be added to ModSecurity to allow it 'to analyse' such request bodies?

[marcstern]

We should have "ctl:requestBodyProcessor=gRPC" (and/or "ctl:requestBodyProcessor=protobuf") to trigger a parser understanding the protobuf binary payload transmitted via web sockets.
Potential problem: I guess mod_security2 won't receive this binary payload that is managed by mod_proxy_wstunnel (for Apache) unless we hook something into it. I imagine the problem is similar for Nginx & IIS.

[themayursinha]

Is there any progress on this?

[martinhsv]

@themayursinha ,

No. This item is not on the priority list.

[marcstern]

Potential problem: I guess mod_security2 won't receive this binary payload that is managed by mod_proxy_wstunnel (for Apache) unless we hook something into it.
In latest versions, mod_proxy_wstunnel is no more used, web sockets are integrated into mod_proxy_http.