...
Implement a Servlet filter which will validate Content-Type
and throw away request with suspicious values not matching multipart/form-data
. Other option is to remove the File Upload Interceptor from the stack, just define your own custom stack and set it as a default - please read How do we configure an Interceptor to be used with every Action.