My ModSec kung-fu has grown weak, and I am struggling with what feels like a simple capture and setenv recipe, but I can't figure out how to make it work.

I would like to take an environment variable which contains a base64 encoded username, apply urldecode and base64 decode transforms, capture that decoded value and assign it to yet another environment variable so that I can log that final value in the access log.

SecRule ENV:DERPUSER "^$" "msg:'DERP-%{REMOTE_ADDR}',id:'999999',pass,nolog,noauditlog,t:urlDecode,t:base64Decode,capture,phase:2,setenv:THEREALUSERNAME=%{TX:1},severity:2"

Anyone able to help me fix this?

Thanks,

W