Hello,

We're troubleshooting some apparent false positives related to the MULTIPART_UNMATCHED_BOUNDARY variable being set on relatively large (file upload) requests.  I've examined one of these requests with audit part "C" and see no problem with the request: the boundary is specified in the Content-Type header and the request body appears to be properly delimited with that boundary.  The request I happen to be looking at is uploading a ~4MB file and if I try to upload a file of only a few bytes, the variable is not set.

What I'm assuming is there's some sort of buffer limit that is preventing ModSecurity from encountering all the boundaries.  Am I right about that and if so, is there a setting for that and/or a recommended way to work around this (other than to not pay attention to this variable on file upload requests -- our current workaround)?

Thanks for any help.

Ty