Why do you say that? SSL is a connection level filter that can persist beyond a single request. There is nothing to say that one can't author a pre-handler filter that looks at the post data before someone comes along with some get_client_block style call.
And, where would you call this filter? There is no real support for non-destructive reads in our filtering system. The only guarantee currently is that the input filters will be invoked *after* the handler is invoked when we discard the request body. Handlers may very well not read the request body and don't have to do so (although that sort of leads to the TCP deadlock we discussed at last AC). But, the essential issue is that with non-destructive reads we open ourselves to a new class of DoS attacks.
Also, request filters also can't be called before the handlers as the request filters aren't necessarily in place until filter_init runs in ap_invoke_handler().
Trying to read the request body before the handlers has always been problematic - even in 1.3. -- justin
