You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Forrest Aldrich <fo...@forrie.com> on 2004/08/20 23:57:56 UTC

[users@httpd] Apache PUT Configuration and Security...

One of our internal requirements is to upload custom web content, and 
WYSIWYG thereof.

Mozilla Composer uploads edited contend useing ftp or HTTP PUT (perhaps 
HTTP POST?).  We can implement the server side of this using PHP, but 
can't confirm.   Using FTP has the problem of integration with our 
authentication/access mechanism, which uses an encrypted ticket in an 
HTTP cookie.   Thus, I'm thinking we'll need HTTP PUT support to make 
this feature possible.

I wonder if we can configure PUT with Apache, and how to do this 
securely. and limit the acceptable URLs (ie: /some/path/pages/*/*) and 
ensure that no scripts or binaries are ever executed from there.   Is 
there a mod_put or something that will handle the file writing, or will 
I need to write a CGI to do accomplish this?

Thanks.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache PUT Configuration and Security...

Posted by Nick Kew <ni...@webthing.com>.

On Fri, 20 Aug 2004, Forrest Aldrich wrote:

> I wonder if we can configure PUT with Apache,

I expect the manual pages fro mod_dav will tell you.

>	 and how to do this
> securely.

Insufficient information.  Security is relative.

>	 and limit the
	acceptable URLs (ie: /some/path/pages/*/*) and

See above.

> ensure that no scripts or binaries are ever executed from there.   Is

Simple application of Options and AllowOverride.

> there a mod_put or something that will handle the file writing, or will
> I need to write a CGI to do accomplish this?

Your choice.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org