Variable needed: REQUEST_HAS_BODY to avoid content-type evasion #3466

@touchweb-vincent

Hello,

This issue follows this PR: coreruleset/coreruleset#4347 and this comment: coreruleset/coreruleset#4347 (comment)

> Since we cannot rely on REQUEST_BODY (and therefore not on REQUEST_BODY_LENGTH, which depends on REQUEST_BODY) for this use case, we are missing a REQUEST_HAS_BODY variable.
>
> Would it be difficult to implement?
>
> Given that you do not want to use STREAM_INPUT_BODY in PL1 (which I understand), I don’t see any other solution to handle this glaring security gap.
