Building on the multipart/form-data support I added to mod_security the other day, today I added two new configuration directives to support file interception. Using SecUploadDir you can tell mod_security to store files (works on per-directory configuration so you can have any number of different folders), and by setting SecUploadKeepFiles to On you can tell it not to erase after it's done with them. Pretty nice. The next step, a hook to execute external programs to verify uploaded files, is coming soon.