From 5549ed2ed87e50aa2e1e9e7ab2705307188d6354 Mon Sep 17 00:00:00 2001
From: ivanr <ivanr@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Mon, 15 Oct 2007 18:27:42 +0000
Subject: [PATCH] Document MULTIPART_CRLF_LF_LINES.

---
 doc/modsecurity2-apache-reference.xml | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index 927bf1e2..b66f21dc 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -1972,6 +1972,24 @@ SecRule <emphasis role="bold">ENV:tag</emphasis> "suspicious"</programlisting>
       (REQUEST_HEADERS:<emphasis>Headername</emphasis>)</para>
     </section>
 
+    <section>
+      <title><literal>MULTIPART_CRLF_LF_LINES</literal></title>
+
+      <para>This flag variable will be set to <literal>1</literal> whenever a
+      multipart request uses mixed line terminators. The
+      <literal>multipart/form-data</literal> RFC requires
+      <literal>CRLF</literal> sequence to be used to terminate lines. Since
+      some client implementations use only <literal>LF</literal> to terminate
+      lines you might want to allow them to proceed under certain
+      circumstances (if you want to do this you will need to stop using
+      <literal>MULTIPART_STRICT_ERROR</literal> and check each multipart flag
+      variable individually, avoding <literal>MULTIPART_LF_LINE</literal>).
+      However, mixing <literal>CRLF</literal> and <literal>LF</literal> line
+      terminators is dangerous as it can allow for evasion. Therefore, in such
+      cases, you will have to add a check for
+      <literal>MULTIPART_CRLF_LF_LINES</literal>.</para>
+    </section>
+
     <section>
       <title><literal>MULTIPART_STRICT_ERROR</literal></title>
 
@@ -4411,4 +4429,4 @@ SecRule XML "<emphasis role="bold">@validateSchema /path/to/apache2/conf/xml.xsd
       </section>
     </section>
   </section>
-</article>
+</article>
\ No newline at end of file