github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Configure PDF protection by token redirection to only work on GET and HEAD requests. If we attempted to work on other request methods we would probably break something as there is no way to preserve request bodies. The default was previously been to work on all requests. This behavious can still be changed using the SecPdfProtectInterceptGETOnly directive but I am going to leave it undocumented.

Browse Source
This commit is contained in:
ivanr
2007-06-14 14:54:23 +00:00
parent eec279c8d9
commit c7f5dc3355
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
apache2/pdf_protect.c
View File

@@ -400,12 +400,14 @@ int pdfp_check(modsec_rec *msr) {
return 0;
}
/* Ignore request methods other than GET if
/* Ignore request methods other than GET and HEAD if
* configured to do so.
*/
if ((msr->r->method_number != M_GET)&&(cfg->pdfp_only_get != 0)) {
if ((msr->r->method_number != M_GET)&&(msr->r->method_number != M_HEAD)
&&(cfg->pdfp_only_get != 0))
{
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "PdfProtect: Configured not to intercept non-GET requests "
msr_log(msr, 4, "PdfProtect: Not intercepting a GET/HEAD request "
"(method=%s/%i).", log_escape_nq(msr->mp, msr->r->method), msr->r->method_number);
}