Module mod_put

RD-LV-005-051199


Introduction

    This small module implements the HTTP/1.1 PUT and DELETE methods. Note that activating them without first securing the web server can open a big security hole.

Download mod_put.tar.gz

Configuration

Integration with Apache 1.3.x - compiling and linking

To link mod_put into Apache (recommended for best performance), just add an --add-module option to your configure call:
./configure --add-module=/path/to/mod_put.c

Integrating into Apache 1.2.x - compiling and linking

To link the put module with Apache, you must rebuild Apache from its sources after adding mod_put to the configuration file:
  1. Untar mod_put.tar.gz in the Apache sources directory
  2. Edit the Configuration file according to your installation
  3. Run the Configure script to rebuild the makefile
  4. Build Apache by typing make
  5. Install the brand new httpd program
  6. Edit the web server configuration files (typically httpd.conf and access.conf)
  7. Restart the web daemon

Example of a Configuration file

...

Module mime_module         mod_mime.o

Module access_module       mod_access.o
Module auth_module         mod_auth.o
Module negotiation_module  mod_negotiation.o
Module includes_module     mod_include.o
Module dir_module          mod_dir.o
Module cgi_module          mod_cgi.o

...

#
# Miscellaneous modules
#

Module put_module       mod_put.o

httpd.conf Directives

    EnablePut On|Off
    default value: Off
    context: Directory or Location
    effect: Enables (or disables) the PUT method.
    remarks: Before enabling the PUT method, be sure your server is secure.
    Documents will be created with the rights of the user running httpd, so be sure to adjust the access rights accordingly.

    EnableDelete On|Off
    default value: Off
    context: Directory or Location
    effect: Enables (or disables) the DELETE method.
    remarks: Before enabling the DELETE method, be sure your server is secure.

    umask octal_value
    default value: 007
    context: Directory or Location
    effect: Sets the umask for a whole directory (see umask(1)).

    Always ensure that write access is limited to trusted users: a malicious user could upload huge files to freeze the file system. In particular, never allow anonymous write access if your web server is on the same filesystem as your system or your users.

Example

<Location /pub>
EnablePut On
AuthType Basic
AuthName Web publishing
AuthUserFile /www/etc/passwd
AuthGroupFile /www/etc/group
<Limit PUT>
require valid-user
</Limit>
</Location>
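
The `<Limit PUT>` section above requires a valid user for PUT only; if EnableDelete were also turned on in the same block, DELETE would not be covered by it. The following check is an added example, not part of mod_put or the original page: it flags every write method enabled with no `require` applying to it. The function name `audit` and the sample configuration are constructed for illustration, and it assumes flat (non-nested) Location/Directory blocks and understands only `<Limit>`.

```python
import re

# Constructed sample configuration (not from the page): /pub turns on DELETE
# but only PUT is covered by <Limit>; /drop enables PUT with no auth at all.
SAMPLE_CONF = """\
<Location /pub>
EnablePut On
EnableDelete On
AuthType Basic
<Limit PUT>
require valid-user
</Limit>
</Location>
<Location /drop>
EnablePut On
</Location>
"""

WRITE_DIRECTIVES = {"enableput": "PUT", "enabledelete": "DELETE"}
OPEN = re.compile(r"<(Location|Directory)\s+([^>]+)>", re.I)
LIMIT = re.compile(r"<Limit\s+([^>]+)>", re.I)

def audit(conf_text):
    """Return (path, method) pairs enabled by mod_put with no `require` covering them."""
    findings, path, enabled, covered, limit = [], None, set(), set(), None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := OPEN.fullmatch(line):
            path, enabled, covered, limit = m.group(2).strip(), set(), set(), None
        elif line.lower() in ("</location>", "</directory>"):
            findings += [(path, meth) for meth in sorted(enabled - covered)]
            path = None
        elif m := LIMIT.fullmatch(line):
            limit = set(m.group(1).split())  # method names are case-sensitive
        elif line.lower() == "</limit>":
            limit = None
        elif path is not None:
            words = line.lower().split()
            if words[0] in WRITE_DIRECTIVES:
                method = WRITE_DIRECTIVES[words[0]]
                enabled = enabled | {method} if words[-1] == "on" else enabled - {method}
            elif words[0] == "require":
                # Outside <Limit>, a require line applies to every method.
                covered |= limit if limit is not None else set(WRITE_DIRECTIVES.values())
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

An empty result means every enabled write method has a `require` line; it says nothing about file permissions or the umask.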

Remarks

    1. The Publish function of Netscape Gold 3.01 sometimes doesn't work: it returns quickly without any error message or any access to the server.
    2. Depending on the rights you assigned to webuser (the user owning the httpd process), uploaded files can be inaccessible for local users (quite beneficial), including the web administrator (definitely not a good idea), so adjust the umask adequately.
    3. I've not personally tested the EBCDIC support (thanks to Carolyn Weiss for the EBCDIC patch), so if you experience problems with it, I'd be happy to hear about it.
    4. Even if this software seems to be quite stable now, please do not hesitate to send any comments or remarks to
vincent@hpwww.ec-lyon.fr