frist44 Posted February 5, 2009 Share Posted February 5, 2009 I have read that these methods aren't enabled unless you load mod_dav, is this true? We have a simple web server hosting up PHP, and just want to make sure those commands can not be run. thanks. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted February 5, 2009 Share Posted February 5, 2009 in my apache config, i have the following, which i copied from somewhere and should work # Deny PUT/DELETE Requests RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE) RewriteRule .* - [F] Quote Link to comment Share on other sites More sharing options...
corbin Posted February 5, 2009 Share Posted February 5, 2009 If I remember correctly, PUT as defined by the HTTP protocol works like this: PUT /path/to/somewhere HTTP/1.1 And then /path/to/somewhere would be the CGI script that handles the PUTting. And, Apache does not handle the DELETE header in its core. As far as I know, mod_dav must be in use for DELETE to be used for anything. More info: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html Hrmm, actually, after looking through the Apache source just now (because I'm curious), it would seem that mod_dav handles PUT as well. /* handle the PUT method */ static int dav_method_put(request_rec *r) But now I'm going to find where that's called from and so on. (Also, it looks like Script PUT /path/to/a/script can be used to tell Apache what to do with all PUT requests.) Hehe this post was over kill, but been curious about this subconsciously for a while now I guess (although I knew that Apache by default does nothing with PUT/DELETE [well not nothing, but essentially nothing]). Quote Link to comment Share on other sites More sharing options...
frist44 Posted February 5, 2009 Author Share Posted February 5, 2009 Thanks for the insight Corbin! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.