diff --git a/main/SAPI.c b/main/SAPI.c
index 6709d467e34f..96f25d62ebd0 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -199,6 +199,10 @@ SAPI_API void sapi_read_post_data(void)
 /* now try to find an appropriate POST content handler */
 if ((post_entry = zend_hash_str_find_ptr(&SG(known_post_content_types), content_type, content_type_length)) != NULL) {
+ if(!SG(allow_multipart_form) && !strcmp(content_type, MULTIPART_CONTENT_TYPE)) {
+ efree(content_type);
+ return;
+ }
 /* found one, register it for use */
 SG(request_info).post_entry = post_entry;
 post_reader_func = post_entry->post_reader;
diff --git a/main/SAPI.h b/main/SAPI.h
index 9196982f5495..a88f1cd4e2f7 100644
--- a/main/SAPI.h
+++ b/main/SAPI.h
@@ -141,6 +141,7 @@ typedef struct _sapi_globals_struct {
 char *default_charset;
 HashTable *rfc1867_uploaded_files;
 zend_long post_max_size;
+ bool allow_multipart_form;
 int options;
 bool sapi_started;
 double global_request_time;
diff --git a/main/main.c b/main/main.c
index 446ac0fcb797..2966ba8489fd 100644
--- a/main/main.c
+++ b/main/main.c
@@ -878,6 +878,7 @@ PHP_INI_BEGIN()
 PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)
 PHP_INI_ENTRY("max_file_uploads", "20", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL)
 PHP_INI_ENTRY("max_multipart_body_parts", "-1", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL)
+ STD_PHP_INI_ENTRY("allow_multipart_form", "1", PHP_INI_ALL, OnUpdateBool, allow_multipart_form, sapi_globals_struct, sapi_globals)
 STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals)
 STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals)
diff --git a/main/rfc1867.c b/main/rfc1867.c
index f6ffb6fabc7f..db07f1f3aa96 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
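Review bot: The new early return in sapi_read_post_data rejects the multipart body silently — it frees content_type and leaves before any reader is registered, with no diagnostic — while the parallel guard this commit adds in rfc1867_post_handler emits a warning, so a request refused on this path presumably ends up with empty $_POST/$_FILES and nothing in the log to explain why. The function's other early-exit path (the unsupported-content-type fallback) is outside the hunk; if it clears any request_info state before returning or reports through sapi_module.sapi_error, this return should mirror it — at minimum `sapi_module.sapi_error(E_WARNING, "POST multipart/form-data body rejected: allow_multipart_form is disabled");` before `efree(content_type); return;`. A one-line comment on the new block would also help, e.g. `/* Refuse to register the multipart reader at all; the body is left unconsumed. */`. sapi_read_post_data starts before this hunk and continues after it.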
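Review bot: allow_multipart_form is registered with PHP_INI_ALL, which lets any script flip it back on with ini_set() at runtime; for a hardening switch the administrator sets to refuse multipart bodies that defeats the purpose, and the neighbouring upload limits (max_file_uploads, max_multipart_body_parts) use PHP_INI_SYSTEM|PHP_INI_PERDIR. Whether the runtime path is reachable depends on whether the rfc1867 handler can be invoked from script (the REQUEST_PARSE_BODY_OPTION_GET usage in rfc1867.c suggests a request_parse_body()-style entry point), which is outside this hunk, so I would still restrict the mode defensively. I would also register it with STD_PHP_INI_BOOLEAN as the two entries below it do, presumably so the boolean displayer is used in phpinfo(): `STD_PHP_INI_BOOLEAN("allow_multipart_form", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, allow_multipart_form, sapi_globals_struct, sapi_globals)`. The INI table starts before this hunk and continues after it.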
@@ -670,6 +670,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 zend_long post_max_size = REQUEST_PARSE_BODY_OPTION_GET(post_max_size, SG(post_max_size));
 zend_long max_input_vars = REQUEST_PARSE_BODY_OPTION_GET(max_input_vars, PG(max_input_vars));
 zend_long upload_max_filesize = REQUEST_PARSE_BODY_OPTION_GET(upload_max_filesize, PG(upload_max_filesize));
+ bool allow_multipart_form = SG(allow_multipart_form);
 const zend_encoding *internal_encoding = zend_multibyte_get_internal_encoding();
 php_rfc1867_getword_t getword;
 php_rfc1867_getword_conf_t getword_conf;
@@ -694,6 +695,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 _basename = php_ap_basename;
 }
+ if(!allow_multipart_form) {
+ EMIT_WARNING_OR_ERROR("request uri %s is not allow POST multipart body", SG(request_info).request_uri);
+ return;
+ }
+
 if (post_max_size > 0 && SG(request_info).content_length > post_max_size) {
 EMIT_WARNING_OR_ERROR("POST Content-Length of " ZEND_LONG_FMT " bytes exceeds the limit of " ZEND_LONG_FMT " bytes", SG(request_info).content_length, post_max_size);
 return;
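Review bot: Unlike the three limits declared just above it, allow_multipart_form is read straight from SG() rather than through REQUEST_PARSE_BODY_OPTION_GET, so a per-call options array cannot loosen it; that looks deliberate for a hardening switch, but the asymmetry will read as an oversight without a comment, e.g. `/* Intentionally not overridable per call: an administrative kill switch, not a parse option. */`. rfc1867_post_handler begins before this hunk and continues after it.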
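Review bot: The new warning text is ungrammatical and does not name the setting that caused the rejection (`"request uri %s is not allow POST multipart body"`), and it prints SG(request_info).request_uri through %s even though some SAPIs (CLI, embed) may leave that pointer NULL — passing NULL for %s is undefined behaviour in C even where glibc happens to print "(null)". I would change the call to `EMIT_WARNING_OR_ERROR("multipart/form-data POST body for request URI %s rejected because allow_multipart_form is disabled", SG(request_info).request_uri ? SG(request_info).request_uri : "(unknown)");`. Like the post_max_size path below it, returning here leaves the request body unconsumed, which matches existing behaviour, but a short comment saying so would stop a future "fix" from draining it. rfc1867_post_handler begins before this hunk and continues after it.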