Configure PDF protection by token redirection to only work on GET and HEAD requests. If we attempted to work on other request methods we would probably break something as there is no way to preserve request bodies. The default was previously been to work on all requests. This behavious can still be changed using the SecPdfProtectInterceptGETOnly directive but I am going to leave it undocumented.

2025-09-29 19:24:29 +03:00 · 2007-06-14 14:54:23 +00:00
parent eec279c8d9
commit c7f5dc3355
2 changed files with 7 additions and 5 deletions
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -456,7 +456,7 @@ void init_directory_config(directory_config *dcfg) {
    if (dcfg->pdfp_secret == NOT_SET_P) dcfg->pdfp_secret = NULL;
    if (dcfg->pdfp_timeout == NOT_SET) dcfg->pdfp_timeout = 10;
    if (dcfg->pdfp_token_name == NOT_SET_P) dcfg->pdfp_token_name = "PDFPTOKEN";
-    if (dcfg->pdfp_only_get == NOT_SET) dcfg->pdfp_only_get = 0;
+    if (dcfg->pdfp_only_get == NOT_SET) dcfg->pdfp_only_get = 1;

    /* Geo Lookup */
    if (dcfg->geo == NOT_SET_P) dcfg->geo = NULL;
@@ -1547,7 +1547,7 @@ const command_rec module_directives[] = {
        cmd_pdf_protect_intercept_get_only,
        NULL,
        RSRC_CONF,
-        "whether or not to intercept only GET requess."
+        "whether or not to intercept only GET and HEAD requess. Defaults to true."
    ),

    AP_INIT_TAKE1 (