Jump to content

[SOLVED] PUT DELETE enabled by default?


frist44

Recommended Posts

in my apache config, i have the following, which i copied from somewhere and should work :)

 

        #   Deny PUT/DELETE Requests
        RewriteEngine on
        RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE)
        RewriteRule .* - [F]

If I remember correctly, PUT as defined by the HTTP protocol works like this:

 

 

PUT /path/to/somewhere HTTP/1.1

 

 

And then /path/to/somewhere would be the CGI script that handles the PUTting.

 

 

 

And, Apache does not handle the DELETE header in its core.  As far as I know, mod_dav must be in use for DELETE to be used for anything.

 

 

 

More info:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

 

 

 

Hrmm, actually, after looking through the Apache source just now (because I'm curious), it would seem that mod_dav handles PUT as well.

 

/* handle the PUT method */

static int dav_method_put(request_rec *r)

 

But now I'm going to find where that's called from and so on.  (Also, it looks like Script PUT /path/to/a/script can be used to tell Apache what to do with all PUT requests.)

 

 

 

 

 

Hehe this post was over kill, but been curious about this subconsciously for a while now I guess (although I knew that Apache by default does nothing with PUT/DELETE [well not nothing, but essentially nothing]).

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.