From 9ada0a28c8100f905014c128b0e6d11dd75ec7e5 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Thu, 1 Nov 2018 18:00:12 -0300
Subject: [PATCH] Changes the default configuration to mimic v2 behavior on multipart
Further info on: #1747, #1924
---
 CHANGES | 2 +-
 modsecurity.conf-recommended | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/CHANGES b/CHANGES
index 4d375bf2..9810c11c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -88,7 +88,7 @@ v3.0.3 - YYYY-MMM-DD (to be released)
 - Fixed LMDB collection errors
 [Issue #1787 - @airween, @zimmerle]
 - Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors
- [Issue #1747 - @airween]
+ [Issue #1747, #1924 - @airween, @victorhora, @defanator, @zimmerle]
 - Fix ip tree lookup on netmask content
 [Issue #1793 - @tinselcity, @zimmerle]
 - Changes the behavior of the default sec actions
diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended
index d8224c2d..50743891 100644
--- a/modsecurity.conf-recommended
+++ b/modsecurity.conf-recommended
@@ -114,10 +114,12 @@ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
 # allowed.
 #
-SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
-"id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
-#SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \
-#"id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
+#
+# See #1747 and #1924 for further information on the possible values for
+# MULTIPART_UNMATCHED_BOUNDARY.
+#
+SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \
+ "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
 # PCRE Tuning
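Review bot: The comment added above rule 200004 in modsecurity.conf-recommended only points at #1747 and #1924, so the file no longer shows that the shipped default moved from denying any non-zero MULTIPART_UNMATCHED_BOUNDARY (`"!@eq 0"`) to denying only the value 1. That relaxes a request-body parsing check, so the comment should say so and say what the remaining non-zero values mean, rather than sending the operator to an issue tracker. The hunk also deletes the stricter variant outright; I would keep it as a commented alternative, e.g. `#SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \`, so a deployment that wants the stricter check can switch back without reconstructing the rule. The comment block that ends with `# allowed.` begins outside the hunk; if it still refers to a commented-out second rule, it needs to be updated to match.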