|
|
|
|
Module mod_put
RD-LV-005-051199 |
|
|
|
|
Introduction
This small module implements the HTTP/1.1 PUT and DELETE
methods. Please notice that it can be a big security hole to activate them
without securing the web server.
Configuration
Integration with Apache 1.3.x - compiling and linking
To link mod_put into Apache (recommended for best
performance), just add a add-module clause to your configure
call:
./configure --add-module=/path/to/mod_put.c
Integrating into Apache 1.2.x - compiling and linking
To link the put module with Apache, you must rebuild Apache from its sources
with adding mod_put in the configuration file:
-
Untar mod_put.tar.gz in Apache sources' directory
-
Edit Configuration file according your installation
-
Run the Configure script to rebuild the makefile
-
Build Apache by typing make
-
Install the brand new httpd program
-
Edit the web server configuration files (typically httpd.conf
and access.conf)
-
Restart the web daemon
Example of a Configuration file
...
Module mime_module mod_mime.o
Module access_module mod_access.o
Module auth_module mod_auth.o
Module negotiation_module mod_negotiation.o
Module includes_module mod_include.o
Module dir_module mod_dir.o
Module cgi_module mod_cgi.o
...
#
# Miscellaneous modules
#
Module put_module mod_put.o
httpd.conf Directives
-
EnablePut On|Off
-
default value: Off
-
context: Directory or Location
-
effect: Enables (or disables) the PUT method.
-
remarks: Before enabling the PUT method, be sure your server
is secure.
Documents will be created with the rights of the user running httpd,
be sure to adjust the access rights accordingly.
-
EnableDelete On|Off
-
default value: Off
-
context: Directory or Location
-
effect: Enables (or disables) the DELETE method.
-
remarks: Before enabling the DELETE method, be sure your
server is secure.
-
umask octal_value
-
default value: 007
-
context: Directory or Location
-
effect: sets the umask for a whole directory (see umask(1)).
Allways ensure that write access is limited to trusted users: a malicious
user could upload huge files to freeze the file system. In particular,
never allow an anonymous write access if your web server is on the same
filesystem as your system or your users. |
Example
<Location /pub>
EnablePut On
AuthType Basic
AuthName Web publishing
AuthUserFile /www/etc/passwd
AuthGroupFile /www/etc/group
<Limit PUT>
require valid-user
</Limit>
</Location>
Remarks
-
The Publish function of Netscape Gold 3.01 sometimes doesn't work:
it returns quickly without any error message nor access to server.
-
Depending on the rights you assigned to webuser (the user owning the httpd
process), uploaded files can be inaccessible for local users (quite benefic),
including the web administrator (definitely not a good idea), so adjust
the umask adequately.
-
I've not personnaly tested the EBCDIC support (thanks to Carolyn
Weiss for EBCDIC patch), so if you experience problems with it, I'd
be happy to ear about it.
Even if this software seems to be quite stable now, please do not
hesitate to send any comment, remark to
vincent@hpwww.ec-lyon.fr
|