______________________________________________________________________ Module mod_put RD-LV-003-061197 ______________________________________________________________________ ______________________________________________________________________ Introduction This small module implements the HTTP/1.1 PUT and DELETE methods. Please notice that it can be a big security hole to activate them without securing the web server. [1]Download mod_put.c Configuration Integrating into Apache - compiling and linking To link the put module with Apache, you must rebuild Apache from its sources with adding mod_put in the configuration file: 1. Copy mod_put.c in Apache sources' directory 2. Edit Configuration file according your installation 3. Run the Configure script to rebuild the makefile 4. Build Apache by typing make 5. Install the brand new httpd program 6. Edit the web server configuration files (typically httpd.conf and access.conf) 7. Restart the web daemon Example of a Configuration file ... Module mime_module mod_mime.o Module access_module mod_access.o Module auth_module mod_auth.o Module negotiation_module mod_negotiation.o Module includes_module mod_include.o Module dir_module mod_dir.o Module cgi_module mod_cgi.o ... # # Miscellaneous modules # Module put_module mod_put.o httpd.conf Directives EnablePut On|Off default value: Off context: Directory or Location effect: Enables (or disables) the PUT method. remarks: Before enabling the PUT method, be sure your server is secure. Documents will be created with the rights of the user running httpd, be sure to adjust the access rights accordingly. EnableDelete On|Off default value: Off context: Directory or Location effect: Enables (or disables) the DELETE method. remarks: Before enabling the DELETE method, be sure your server is secure. umask octal_value default value: 007 context: Directory or Location effect: sets the umask for a whole directory (see umask(1)). Allways ensure that write access is limited to trusted users: a malicious user could upload huge files to freeze the file system. In particular, never allow an anonymous write access if your web server is on the same filesystem as your system or your users. Example EnablePut On AuthType Basic AuthName Web publishing AuthUserFile /www/etc/passwd AuthGroupFile /www/etc/group require valid-user Known bugs 1. The Publish function of Netscape Gold 3.01 sometimes doesn't work: it returns quickly without any error message nor access to server. 2. Depending on the rights you assigned to webuser (the user owning the httpd process), uploaded files can be inaccessible for local users (quite benefic), including the web administrator (not good at all), so adjust the umask adequately. This software is in its first beta phase, please do not hesitate to send any comment, remark to [2]vincent@hpwww.ec-lyon.fr References 1. http://hpwww.ec-lyon.fr/~vincent/apache/mod_put.c 2. mailto:vincent@hpwww.ec-lyon.fr