Adding statement regarding potential issues with file upload with SecStreamInBodyInspection by @bostrt (owasp-modsecurity#1366)

victorhora · victorhora · commit a9f9a59e3982 · 2017-06-06T15:16:36.000-04:00
diff --git a/Reference-Manual.mediawiki b/Reference-Manual.mediawiki
@@ -1707,6 +1707,8 @@ This feature enables the creation of the STREAM_INPUT_BODY variable and is usefu
 
 ; Note : This directive is NOT supported for libModSecurity (v3). Naturally, STREAM_INPUT_BODY is also NOT supported on libModSecurity.
 
+; Note : This directive may significantly impact file upload times. The impact depends on server resources and the nature of operations being performed on the request bodies being streamed in.
+
 == SecStreamOutBodyInspection ==
 '''Description:''' Configures the ability to use stream inspection for outbound request data in a re-allocable buffer.  For security reasons we are still buffering the stream.
 
@@ -2587,9 +2589,9 @@ This variable holds the full status line sent by the server (including the reque
 SecRule STATUS_LINE "@contains 500" "phase:3,id:49,log,pass,logdata:'Application error detected!,t:none"
 </pre>
 
-'''Version:''' 2.6.0-2.9.x
+'''Version:''' 2.x
 
-'''Supported on libModSecurity:''' No
+'''Supported on libModSecurity:''' TBI
 
 == STREAM_INPUT_BODY ==
 '''Version:''' 2.6.0-2.9.x
@@ -4468,4 +4470,4 @@ While we will continue to enhance ModSecurity to deal with various evasion techn
 #The order in which parameters are taken from the request and the environment is EGPCS (environment, GET, POST, Cookies, built-in variables). This means that a POST parameter will overwrite the parameters transported on the request line (in QUERY_STRING).
 #When "magic_quotes_gpc" is set to "On" PHP will use backslash to escape the following characters: single quote, double quote, backslash, and the nul byte.
 #If "magic_quotes_sybase" is set to "On" only the single quote will be escaped using another single quote. In this case the "magic_quotes_gpc" setting becomes irrelevant. The "magic_quotes_sybase" setting completely overrides the "magic_quotes_gpc" behaviour but "magic_quotes_gpc" still must be set to "On" for the Sybase-specific quoting to be work.
-#PHP will also automatically create nested arrays for you. For example "p[x][y]=1" results in a total of three variables.
+#PHP will also automatically create nested arrays for you. For example "p[x][y]=1" results in a total of three variables.
