Module mod_put
Last change: 2004-02-18
Introduction
This small module implements the HTTP/1.1 PUT and DELETE
methods with Apache 2.x. Please note that activating them without
securing the web server can be a big security hole.
Configuration
Integration with Apache 2.x - compiling and linking
The simple way is to compile with APXS. All you have to do is:
- Untar mod_put-2.0.tar.gz anywhere you wish
- Edit the Makefile and change the path to /apache2/bin/apxs according to your installation
- Build the module by typing make
- Install the binary with make install
- If you want the load command automatically added to your httpd.conf then type make installfirst
- Restart Apache2.
Example of a Configuration file
...
LoadModule negotiation_module modules/mod_negotiation.o
LoadModule includes_module modules/mod_include.o
LoadModule dir_module modules/mod_dir.o
LoadModule cgi_module modules/mod_cgi.o
...
#
# Miscellaneous modules
#
LoadModule put_module modules/mod_put.o
httpd.conf Directives
- PUT_EnablePut On|Off
  - default value: Off
  - context: Directory or Location
  - effect: Enables (or disables) the PUT method.
  - remarks: Before enabling the PUT method, be sure your server is secure. Documents will be created with the rights of the user running httpd, so be sure to adjust the access rights accordingly.
- PUT_EnableDelete On|Off
  - default value: Off
  - context: Directory or Location
  - effect: Enables (or disables) the DELETE method.
  - remarks: Before enabling the DELETE method, be sure your server is secure.
- PUT_DirMask apr_fileperms_t value
  - default value: APR_UREAD|APR_UWRITE|APR_UEXECUTE
  - context: Directory or Location
  - effect: sets the permission for a whole directory (see APR).
- PUT_FileMask apr_fileperms_t value
  - default value: APR_UREAD|APR_UWRITE
  - context: Directory or Location
  - effect: sets the permission for a single file.
- PUT_BlockSize decimal value
  - default value: 2048
  - context: Directory or Location
  - effect: sets the internal blocksize used by the module for file buffers.
Always ensure that write access is limited to trusted users: a malicious
user could upload huge files to freeze the file system. In particular,
never allow anonymous write access if your web server is on the same
filesystem as your system or your users.
Example
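<Location /pub>
    # Enable the PUT method for this location only
    PUT_EnablePut On
    AuthType Basic
    AuthName "Web publishing"
    AuthUserFile /www/etc/passwd
    AuthGroupFile /www/etc/group
    # Require an authenticated user for PUT requests
    <Limit PUT>
        Require valid-user
    </Limit>
</Location>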
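The following audit script is an added example, not part of the mod_put distribution. It scans a configuration for sections where PUT_EnablePut or PUT_EnableDelete is On but no Require directive covers that method, for instance DELETE enabled behind a <Limit PUT> block. The function name and the sample configuration are constructed, and the script assumes flat (non-nested) Location/Directory sections and treats any Require other than "Require all granted" as protection.

```python
import re

# Constructed sample configuration (not taken from the mod_put distribution).
SAMPLE_CONF = """
<Location /pub>
    PUT_EnablePut On
    PUT_EnableDelete On
    <Limit PUT>
        Require valid-user
    </Limit>
</Location>
<Location /drop>
    PUT_EnablePut On
</Location>
<Directory /www/staging>
    PUT_EnablePut On
    PUT_EnableDelete On
    <LimitExcept GET HEAD>
        Require valid-user
    </LimitExcept>
</Directory>
"""

WRITE = {"put_enableput": "PUT", "put_enabledelete": "DELETE"}
ALL = set(WRITE.values())
OPEN = re.compile(r"<(Location|Directory|Limit|LimitExcept)\s+([^>]*)>$", re.I)

def unprotected_methods(conf):
    """List (section, method) pairs where mod_put enables a method no Require covers."""
    findings, section, scope = [], None, ALL   # scope: methods a Require applies to
    enabled, covered = set(), set()
    for line in (l.strip() for l in conf.splitlines()):
        m = OPEN.match(line)
        if m and m.group(1).lower() in ("location", "directory"):
            section, enabled, covered = m.group(2).strip(), set(), set()
        elif m:  # <Limit> covers the named methods, <LimitExcept> all the others
            named = {w.upper() for w in m.group(2).split()}
            scope = named if m.group(1).lower() == "limit" else ALL - named
        elif line.lower() in ("</limit>", "</limitexcept>"):
            scope = ALL
        elif line.lower() in ("</location>", "</directory>"):
            findings += [(section, meth) for meth in sorted(enabled - covered)]
        elif line and not line.startswith("#"):
            words = line.lower().split()
            if words[0] in WRITE and words[1:] == ["on"]:
                enabled.add(WRITE[words[0]])
            elif words[0] == "require" and words[1:] != ["all", "granted"]:
                covered |= scope
    return findings
```

On the sample, /pub is reported for DELETE and /drop for PUT, while /www/staging passes because its LimitExcept block covers every method other than GET and HEAD.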
Remarks
- The Publish function of Netscape Gold 3.01 sometimes doesn't work: it returns quickly without any error message or any access to the server.
- Depending on the rights you assigned to webuser (the user owning the httpd process), uploaded files can be inaccessible to local users (quite beneficial), including the web administrator (definitely not a good idea), so adjust the umask appropriately.
- I've not personally tested the EBCDIC support (thanks to Carolyn Weiss for the EBCDIC patch), so if you experience problems with it, I'd be happy to hear about it.
Even if this software seems to be quite stable now, please do not
hesitate to send any comments or remarks to
G. Knauf