The compile-time option --disable-request-early in ModSecurity 2.x can lead to incorrect request processing with Core Rule Set (CRS) 4.0 and higher (as highlighted here).

Given that CRS 4.0+ relies on functionalities tied to early request processing, disabling it at build time effectively renders these newer CRS versions incompatible and can leave systems non-functional or even vulnerable. To ensure proper functionality and security when using modern CRS versions, I strongly recommend removing the --disable-request-early compile option from ModSecurity 2.x.