From e26d44a6bd155ca172e2be5489661a6c9d85d453 Mon Sep 17 00:00:00 2001
From: brectanus <brectanus@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Fri, 15 Aug 2008 20:21:25 +0000
Subject: [PATCH] Allow disabling processing of request body size limit in
 phase 1.  See #518.

---
 apache2/mod_security2.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/apache2/mod_security2.c b/apache2/mod_security2.c
index 75e24c07..4b478fe2 100644
--- a/apache2/mod_security2.c
+++ b/apache2/mod_security2.c
@@ -570,19 +570,21 @@ static int hook_request_early(request_rec *r) {
         return DECLINED;
     }
 
-    /* Check request body limit (should only trigger on non-chunked requests). */
-    if (msr->request_content_length > msr->txcfg->reqbody_limit) {
-        msr_log(msr, 1, "Request body is larger than the "
-                     "configured limit (%ld).", msr->txcfg->reqbody_limit);
-        return HTTP_REQUEST_ENTITY_TOO_LARGE;
-    }
-
     /* Process phase REQUEST_HEADERS */
     rc = DECLINED;
     if (modsecurity_process_phase(msr, PHASE_REQUEST_HEADERS) > 0) {
         rc = perform_interception(msr);
     }
 
+    if ((msr->txcfg->is_enabled != MODSEC_DISABLED) && (rc == DECLINED)) {
+        /* Check request body limit (non-chunked requests only). */
+        if (msr->request_content_length > msr->txcfg->reqbody_limit) {
+            msr_log(msr, 1, "Request body (Content-Length) is larger than the "
+                         "configured limit (%ld).", msr->txcfg->reqbody_limit);
+            return HTTP_REQUEST_ENTITY_TOO_LARGE;
+        }
+    }
+
     return rc;
 }