frist44 Posted February 5, 2009 Share Posted February 5, 2009 I have read that these methods aren't enabled unless you load mod_dav, is this true? We have a simple web server hosting up PHP, and just want to make sure those commands can not be run. thanks. Link to comment https://forums.phpfreaks.com/topic/143940-solved-put-delete-enabled-by-default/ Share on other sites More sharing options...
rhodesa Posted February 5, 2009 Share Posted February 5, 2009 in my apache config, i have the following, which i copied from somewhere and should work # Deny PUT/DELETE Requests RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE) RewriteRule .* - [F] Link to comment https://forums.phpfreaks.com/topic/143940-solved-put-delete-enabled-by-default/#findComment-755310 Share on other sites More sharing options...
corbin Posted February 5, 2009 Share Posted February 5, 2009 If I remember correctly, PUT as defined by the HTTP protocol works like this: PUT /path/to/somewhere HTTP/1.1 And then /path/to/somewhere would be the CGI script that handles the PUTting. And, Apache does not handle the DELETE header in its core. As far as I know, mod_dav must be in use for DELETE to be used for anything. More info: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html Hrmm, actually, after looking through the Apache source just now (because I'm curious), it would seem that mod_dav handles PUT as well. /* handle the PUT method */ static int dav_method_put(request_rec *r) But now I'm going to find where that's called from and so on. (Also, it looks like Script PUT /path/to/a/script can be used to tell Apache what to do with all PUT requests.) Hehe this post was over kill, but been curious about this subconsciously for a while now I guess (although I knew that Apache by default does nothing with PUT/DELETE [well not nothing, but essentially nothing]). Link to comment https://forums.phpfreaks.com/topic/143940-solved-put-delete-enabled-by-default/#findComment-755518 Share on other sites More sharing options...
frist44 Posted February 5, 2009 Author Share Posted February 5, 2009 Thanks for the insight Corbin! Link to comment https://forums.phpfreaks.com/topic/143940-solved-put-delete-enabled-by-default/#findComment-755536 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.