Added new directive (SecPdfProtectMethod) to enable the user to choose between

using token redirection (falling back on forced download in some cases) and
forced download (in all cases).

apache2/apache2_config.c

@@ -14,7 +14,7 @@
 
 #include "modsecurity.h"
 #include "msc_logging.h"
-
+#include "pdf_protect.h"
 #include "http_log.h"
 
 /* #define DEBUG_CONF 1 */
@@ -90,6 +90,7 @@ void *create_directory_config(apr_pool_t *mp, char *path) {
     dcfg->pdfp_timeout = NOT_SET;
     dcfg->pdfp_token_name = NOT_SET_P;
     dcfg->pdfp_only_get = NOT_SET;
+    dcfg->pdfp_method = NOT_SET;
 
     /* Geo Lookups */
     dcfg->geo = NOT_SET_P;
@@ -384,6 +385,8 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child) {
         ? parent->pdfp_token_name : child->pdfp_token_name);
     merged->pdfp_only_get = (child->pdfp_only_get == NOT_SET
         ? parent->pdfp_only_get : child->pdfp_only_get);
+    merged->pdfp_method = (child->pdfp_method == NOT_SET
+        ? parent->pdfp_method : child->pdfp_method);
 
     /* Geo Lookup */
     merged->geo = (child->geo == NOT_SET_P
@@ -457,6 +460,7 @@ void init_directory_config(directory_config *dcfg) {
     if (dcfg->pdfp_timeout == NOT_SET) dcfg->pdfp_timeout = 10;
     if (dcfg->pdfp_token_name == NOT_SET_P) dcfg->pdfp_token_name = "PDFPTOKEN";
     if (dcfg->pdfp_only_get == NOT_SET) dcfg->pdfp_only_get = 1;
+    if (dcfg->pdfp_method == NOT_SET) dcfg->pdfp_method = PDF_PROTECT_METHOD_TOKEN_REDIRECTION;
 
     /* Geo Lookup */
     if (dcfg->geo == NOT_SET_P) dcfg->geo = NULL;
@@ -1195,6 +1199,25 @@ static const char *cmd_pdf_protect_intercept_get_only(cmd_parms *cmd, void *_dcf
     return NULL;
 }
 
+static const char *cmd_pdf_protect_method(cmd_parms *cmd, void *_dcfg,
+    const char *p1)
+{
+    directory_config *dcfg = (directory_config *)_dcfg;
+    if (dcfg == NULL) return NULL;
+
+    if (strcasecmp(p1, "TokenRedirection") == 0) {
+        dcfg->pdfp_method = PDF_PROTECT_METHOD_TOKEN_REDIRECTION;
+    } else
+    if (strcasecmp(p1, "ForcedDownload") == 0) {
+        dcfg->pdfp_method = PDF_PROTECT_METHOD_FORCED_DOWNLOAD;
+    } else {
+        return (const char *)apr_psprintf(cmd->pool,
+            "ModSecurity: Unrecognised parameter value for SecPdfProtectMethod: %s", p1);
+    }
+    
+    return NULL;
+}
+
 /* -- Geo Lookup configuration -- */
 
 static const char *cmd_geo_lookups_db(cmd_parms *cmd, void *_dcfg,
@@ -1550,6 +1573,14 @@ const command_rec module_directives[] = {
         "whether or not to intercept only GET and HEAD requess. Defaults to true."
     ),
 
+    AP_INIT_TAKE1 (
+        "SecPdfProtectMethod",
+        cmd_pdf_protect_method,
+        NULL,
+        RSRC_CONF,
+        "protection method to use. Can be 'TokenRedirection' (default) or 'ForcedDownload'"
+    ),
+
     AP_INIT_TAKE1 (
         "SecGeoLookupsDb",
         cmd_geo_lookups_db,