Yes, it's ok. If even encoding the text the mod_security rule is applied then this means they are decoding base64 text (which is good despite in our case it's a false positive).
To solve this you can:
- Ask for help to your hosting provider. They should be able to add an exception for that rule in your .htacess file. This is the best option; unfortunately many hosting providers are not able to do this.
- Delete the word reported in the log (in our case base64_decode) from the word's list and try to save. If the problem arises again open the error.log again and delete the new word reported. Repeat this step until you're able to save the config.
I think I might have solved this issue with Dreamhost MODSEC. I've enabled the free offering of Cloudflare on a site thru the dreamiest control panel/edit domain. I've tried to replicate my issue and can't. I haven't tested this on the site that experiencing the true issue thou. Can someone test this theory and report back?