From c7f5dc3355f99c8c2b093d66c00a8460797971af Mon Sep 17 00:00:00 2001
From: ivanr <ivanr@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Thu, 14 Jun 2007 14:54:23 +0000
Subject: [PATCH] Configure PDF protection by token redirection to only work on
 GET and HEAD requests. If we attempted to work on other request methods we
 would probably break something as there is no way to preserve request bodies.
 The default was previously been to work on all requests. This behavious can
 still be changed using the SecPdfProtectInterceptGETOnly directive but I am
 going to leave it undocumented.

---
 apache2/apache2_config.c | 4 ++--
 apache2/pdf_protect.c    | 8 +++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/apache2/apache2_config.c b/apache2/apache2_config.c
index e19da940..8c975d45 100644
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -456,7 +456,7 @@ void init_directory_config(directory_config *dcfg) {
     if (dcfg->pdfp_secret == NOT_SET_P) dcfg->pdfp_secret = NULL;
     if (dcfg->pdfp_timeout == NOT_SET) dcfg->pdfp_timeout = 10;
     if (dcfg->pdfp_token_name == NOT_SET_P) dcfg->pdfp_token_name = "PDFPTOKEN";
-    if (dcfg->pdfp_only_get == NOT_SET) dcfg->pdfp_only_get = 0;
+    if (dcfg->pdfp_only_get == NOT_SET) dcfg->pdfp_only_get = 1;
 
     /* Geo Lookup */
     if (dcfg->geo == NOT_SET_P) dcfg->geo = NULL;
@@ -1547,7 +1547,7 @@ const command_rec module_directives[] = {
         cmd_pdf_protect_intercept_get_only,
         NULL,
         RSRC_CONF,
-        "whether or not to intercept only GET requess."
+        "whether or not to intercept only GET and HEAD requess. Defaults to true."
     ),
 
     AP_INIT_TAKE1 (
diff --git a/apache2/pdf_protect.c b/apache2/pdf_protect.c
index c6ce8452..438934ca 100644
--- a/apache2/pdf_protect.c
+++ b/apache2/pdf_protect.c
@@ -400,12 +400,14 @@ int pdfp_check(modsec_rec *msr) {
         return 0;
     }
 
-    /* Ignore request methods other than GET if
+    /* Ignore request methods other than GET and HEAD if
      * configured to do so.
      */
-    if ((msr->r->method_number != M_GET)&&(cfg->pdfp_only_get != 0)) {
+    if ((msr->r->method_number != M_GET)&&(msr->r->method_number != M_HEAD)
+        &&(cfg->pdfp_only_get != 0))
+    {
         if (msr->txcfg->debuglog_level >= 4) {
-            msr_log(msr, 4, "PdfProtect: Configured not to intercept non-GET requests "
+            msr_log(msr, 4, "PdfProtect: Not intercepting a GET/HEAD request "
             "(method=%s/%i).", log_escape_nq(msr->mp, msr->r->method), msr->r->method_number);
         }