fix(920240, 920400): don't rely on content-type header#4639

Open
EsadCetiner wants to merge 1 commit into coreruleset:main from EsadCetiner:fix-content-type-920240-920400

Conversation

@EsadCetiner (Member) commented May 17, 2026

Proposed changes

Rules 920240 and 920400 rely on the Content-Type header to perform urlencoding validation and file size limits, respectively. Some applications don't set content types correctly and will use something like text/plain.

The REQBODY_PROCESSOR variable contains the same information a Content-Type would, and would support more exotic configurations where urlencoded data is sent with a text/plain content type, assuming the end user switches on the correct body processor for text/plain and similar.

PR Checklist

  • I have read the CONTRIBUTING doc
  • I have added positive tests proving my fix/feature works as intended.
  • I have added negative tests that prove my fix/feature considers common cases that might end in false positives
  • In case you changed a regular expression, you are not adding a ReDOS for pcre. You can check this using regexploit
  • My tests use the comment field to write the expected behavior
  • I have added documentation for the rule or change (when appropriate)

Further comments

AI Disclosure

N/A

For the reviewer

  • Positive and negative tests were added
  • Tests cover the intended fix/feature properly
  • No usage of dangerous constructs like ctl:requestBodyAccess=Off were used in the rule
  • In case a regular expression was changed, there is no ReDOS
  • Documentation is clear for the rule/change
  • If a contribution shows signs of unreviewed AI generation (e.g., plausible-but-broken regex, generic boilerplate comments, hallucinated SecLang directives), reviewers should ask about AI usage regardless of what was checked.
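Added illustration of the approach described above (not the CRS rule text of 920240/920400, and not code from this PR): a urlencoding check keyed on the client-supplied Content-Type header beside the same check keyed on REQBODY_PROCESSOR, plus the operator-side rule the description assumes for applications that post urlencoded data as text/plain. Rule ids 1000001-1000003 and the message strings are placeholders; the tx.* score variables follow CRS naming conventions.

```apache
# Added illustration, not the CRS rule text: ids 1000001-1000003 and messages are placeholders.

# Before: keyed on the client-supplied Content-Type header. A request that carries a
# urlencoded body under "text/plain" never reaches the @validateUrlEncoding check.
SecRule REQUEST_HEADERS:Content-Type "@rx ^application/x-www-form-urlencoded" \
    "id:1000001,\
    phase:2,\
    block,\
    t:none,t:lowercase,\
    msg:'URL encoding abuse (placeholder rule keyed on Content-Type)',\
    severity:'WARNING',\
    chain"
    SecRule REQUEST_BODY "@validateUrlEncoding" \
        "setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'"

# After: keyed on the body processor the engine actually selected, as the PR
# description proposes; the header value itself no longer decides whether the check runs.
SecRule REQBODY_PROCESSOR "@streq URLENCODED" \
    "id:1000002,\
    phase:2,\
    block,\
    t:none,\
    msg:'URL encoding abuse (placeholder rule keyed on REQBODY_PROCESSOR)',\
    severity:'WARNING',\
    chain"
    SecRule REQUEST_BODY "@validateUrlEncoding" \
        "setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'"

# Operator-side assumption named in the description: an application that posts
# urlencoded data as text/plain needs the processor selected in phase 1, otherwise
# REQBODY_PROCESSOR is not set for that request and rule 1000002 does not fire.
SecRule REQUEST_HEADERS:Content-Type "@beginsWith text/plain" \
    "id:1000003,\
    phase:1,\
    pass,\
    nolog,\
    t:none,t:lowercase,\
    ctl:requestBodyProcessor=URLENCODED"
```

Rule 1000003 is deliberately scoped to a header match rather than applied unconditionally, so that only the application's known text/plain form posts are parsed as urlencoded.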

@github-actions (Contributor) commented:
📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@EsadCetiner EsadCetiner added release:fix backport:lts-4.25 PR that must be backported to LTS release labels May 17, 2026