24 Jun 2012 01:53
Please help me with one rule :)
<no.spa <at> o2.pl>
2012-06-23 23:53:48 GMT
Hi,

I'm trying to set up a rule which will block POST requests as described below (this is what I catch when I test my rule):

--7c0fb23b-B--
POST /phpscript.php HTTP/1.1
Host: mydomain.com
Content-Length: [some number - everytime different]
Accept-Encoding: identity
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)
Content-Type: multipart/form-data; boundary=46.165.193.30.1001.27540.1340488148.985.1497
Connection: Close

--7c0fb23b-C--
--IP-EVERYTIME-DIFFERENT.1001.27540.1340488148.985.1497
Content-Disposition: file; name="any-word-different"; filename="some-filename-different"
Content-Type: image/gif
or
Content-Type: text/plain
[...]

After the content type I catch script code, which has common words, like "webshell" or "wso2".

I would like to block such requests, but whatever rule I'm building, I get this result:

[...]
Message: Multipart parsing error: Multipart: Invalid Content-Disposition header (-1): file; name="any-word"; filename="some-filename".
[...]

and it receives message 200, so this file is uploaded to the server.

Can you help me set up a rule which will deny such requests?

Mike
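
A ModSecurity configuration for the situation in the message above, added here as an example and not part of the original post: it denies any request whose body the multipart parser could not parse, which is the condition the "Multipart parsing error" audit log message reports. It assumes ModSecurity 2.x with the engine in blocking mode; the rule ids 900001 and 900002 and the 400 status are placeholder choices.

```apache
# Added example, not from the original post.
# Assumptions: ModSecurity 2.x; rule ids below are arbitrary placeholders.

# Rules only block when the engine is On (DetectionOnly logs and lets
# the request through) and when request bodies are actually buffered.
SecRuleEngine On
SecRequestBodyAccess On

# REQBODY_ERROR is set to non-zero when the request body processor
# (here the multipart parser) fails, e.g. on a part that carries
#   Content-Disposition: file; ...
# instead of the "form-data" disposition that multipart/form-data uses.
# After a parse failure, rules that look at the parsed upload cannot be
# relied on, so the request is rejected on the parse error itself.
SecRule REQBODY_ERROR "!@eq 0" \
    "id:900001,phase:2,t:none,log,deny,status:400,\
    msg:'Failed to parse request body',\
    logdata:'%{REQBODY_ERROR_MSG}',severity:2"

# Second net: bodies that parse but fail the stricter multipart
# checks (boundary problems, invalid quoting, missing final boundary).
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
    "id:900002,phase:2,t:none,log,deny,status:400,\
    msg:'Multipart request body failed strict validation',\
    severity:2"
```

Both rules run in phase 2 because the body is only parsed once it has been read in full; a phase 1 rule would see the variables still at 0.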