Commitb1cbccd

ivanrFelipe Zimmerle
ivanr
authored and
Felipe Zimmerle
committed
Added new directive (SecPdfProtectMethod) to enable the user to choose between using token redirection (falling back on forced download in some cases) and forced download (in all cases).
1 parent9543e13 commitb1cbccd


2 files changed

+67
-1
lines changed

2 files changed

+67
-1
lines changed

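--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -17,6 +17,7 @@
 #include"modsecurity.h"
 #include"msc_logging.h"
 #include"msc_util.h"
+#include"pdf_protect.h"
 #include"http_log.h"
 #include"apr_lib.h"
 #include"acmp.h"
@@ -112,6 +113,14 @@ void *create_directory_config(apr_pool_t *mp, char *path)
 dcfg->stream_inbody_inspection=NOT_SET;
 dcfg->stream_outbody_inspection=NOT_SET;
 
+/* PDF XSS protection. */
+dcfg->pdfp_enabled=NOT_SET;
+dcfg->pdfp_secret=NOT_SET_P;
+dcfg->pdfp_timeout=NOT_SET;
+dcfg->pdfp_token_name=NOT_SET_P;
+dcfg->pdfp_only_get=NOT_SET;
+dcfg->pdfp_method=NOT_SET;
+
 /* Geo Lookups */
 dcfg->geo=NOT_SET_P;
 
@@ -523,6 +532,20 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
 merged->stream_outbody_inspection= (child->stream_outbody_inspection==NOT_SET
 ?parent->stream_outbody_inspection :child->stream_outbody_inspection);
 
+/* PDF XSS protection. */
+merged->pdfp_enabled= (child->pdfp_enabled==NOT_SET
+?parent->pdfp_enabled :child->pdfp_enabled);
+merged->pdfp_secret= (child->pdfp_secret==NOT_SET_P
+?parent->pdfp_secret :child->pdfp_secret);
+merged->pdfp_timeout= (child->pdfp_timeout==NOT_SET
+?parent->pdfp_timeout :child->pdfp_timeout);
+merged->pdfp_token_name= (child->pdfp_token_name==NOT_SET_P
+?parent->pdfp_token_name :child->pdfp_token_name);
+merged->pdfp_only_get= (child->pdfp_only_get==NOT_SET
+?parent->pdfp_only_get :child->pdfp_only_get);
+merged->pdfp_method= (child->pdfp_method==NOT_SET
+?parent->pdfp_method :child->pdfp_method);
+
 /* Geo Lookup */
 merged->geo= (child->geo==NOT_SET_P
 ?parent->geo :child->geo);
@@ -678,6 +701,14 @@ void init_directory_config(directory_config *dcfg)
 if (dcfg->stream_inbody_inspection==NOT_SET)dcfg->stream_inbody_inspection=0;
 if (dcfg->stream_outbody_inspection==NOT_SET)dcfg->stream_outbody_inspection=0;
 
+/* PDF XSS protection. */
+if (dcfg->pdfp_enabled==NOT_SET)dcfg->pdfp_enabled=0;
+if (dcfg->pdfp_secret==NOT_SET_P)dcfg->pdfp_secret=NULL;
+if (dcfg->pdfp_timeout==NOT_SET)dcfg->pdfp_timeout=10;
+if (dcfg->pdfp_token_name==NOT_SET_P)dcfg->pdfp_token_name="PDFPTOKEN";
+if (dcfg->pdfp_only_get==NOT_SET)dcfg->pdfp_only_get=1;
+if (dcfg->pdfp_method==NOT_SET)dcfg->pdfp_method=PDF_PROTECT_METHOD_TOKEN_REDIRECTION;
+
 /* Geo Lookup */
 if (dcfg->geo==NOT_SET_P)dcfg->geo=NULL;
 
@@ -2812,7 +2843,6 @@ static const char *cmd_cache_transformations(cmd_parms *cmd, void *_dcfg,
 if (intval<0) {
 returnapr_psprintf(cmd->pool,"ModSecurity: SecCacheTransformations maxlen must be positive: %s",charval);
 }
-
 /* The NOT_SET indicator is -1, a signed long, and therfore
 * we cannot be >= the unsigned value of NOT_SET.
 */
@@ -2844,6 +2874,26 @@ static const char *cmd_cache_transformations(cmd_parms *cmd, void *_dcfg,
 }
 
 
+staticconstchar*cmd_pdf_protect_method(cmd_parms*cmd,void*_dcfg,
+constchar*p1)
+{
+directory_config*dcfg= (directory_config*)_dcfg;
+if (dcfg==NULL)returnNULL;
+
+if (strcasecmp(p1,"TokenRedirection")==0) {
+dcfg->pdfp_method=PDF_PROTECT_METHOD_TOKEN_REDIRECTION;
+}else
+if (strcasecmp(p1,"ForcedDownload")==0) {
+dcfg->pdfp_method=PDF_PROTECT_METHOD_FORCED_DOWNLOAD;
+}else {
+return (constchar*)apr_psprintf(cmd->pool,
+"ModSecurity: Unrecognised parameter value for SecPdfProtectMethod: %s",p1);
+}
+
+returnNULL;
+}
+
+
 /* -- Configuration directives definitions -- */
 
 #defineCMD_SCOPE_MAIN (RSRC_CONF)
@@ -3520,6 +3570,14 @@ const command_rec module_directives[] = {
 "Set Hash key"
 ),
 
+AP_INIT_TAKE1 (
+"SecPdfProtectMethod",
+cmd_pdf_protect_method,
+NULL,
+RSRC_CONF,
+"protection method to use. Can be 'TokenRedirection' (default) or 'ForcedDownload'"
+),
+
 AP_INIT_TAKE1 (
 "SecHashParam",
 cmd_hash_param,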
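Review bot: In the init_directory_config hunk (the function body continues outside it) `pdfp_secret` falls back to `NULL` while `pdfp_method` falls back to `PDF_PROTECT_METHOD_TOKEN_REDIRECTION`, and nothing in the visible hunks rejects a configuration that enables protection without a secret. The token code is not on this page, so whether it tolerates a NULL secret is unverified; if it does not, the default method would presumably either dereference NULL or issue tokens that are not bound to any secret. I would record the requirement next to the default, `/* NULL means no secret configured; token redirection must not run in that state */`, and have the consumer refuse to run or fall back to forced download in that case. Separately, the new `AP_INIT_TAKE1` entry passes `RSRC_CONF` directly although this file defines `CMD_SCOPE_MAIN` for exactly that scope, so `CMD_SCOPE_MAIN,` would read more consistently. In `cmd_pdf_protect_method`, `if (dcfg==NULL) return NULL;` reports success without applying the setting, which would hide a protection directive that was never stored; returning an error string there would surface it at configuration time.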

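--- a/apache2/modsecurity.h
+++ b/apache2/modsecurity.h
@@ -547,6 +547,14 @@ struct directory_config {
 intstream_inbody_inspection;
 intstream_outbody_inspection;
 
+/* PDF XSS Protection. */
+intpdfp_enabled;
+constchar*pdfp_secret;
+intpdfp_timeout;
+constchar*pdfp_token_name;
+intpdfp_only_get;
+intpdfp_method;
+
 /* Geo Lookup */
 geo_db*geo;
 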
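Review bot: The new `pdfp_*` members of `struct directory_config` have only a group heading, and two of them are not self-explanatory: `pdfp_timeout` has no stated unit and `pdfp_method` is a plain `int` whose legal values are not named at the declaration. I would annotate them, for example `int pdfp_timeout; /* presumably token lifetime; state the unit */` and `int pdfp_method; /* PDF_PROTECT_METHOD_* or NOT_SET */`. A short comment on `pdfp_secret` saying that `NULL` means "no secret configured" would also help whoever writes the consumer treat that state explicitly. The struct starts and ends outside this hunk.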
