Posted to users@tomcat.apache.org by cleegt <cl...@gmail.com> on 2009/06/19 04:35:00 UTC

Sample program for testing http DELETE or PUT method in tomcat

Dear All,

For security reasons imposed by my company, I disabled the HTTP DELETE
and PUT methods in Tomcat, based on some suggested method mentioned on
the internet. Now I need to test whether the fix is working or not. So
I am looking for a sample testing program to test the DELETE and PUT
methods. Does anyone know where I can find such programs?

Thanks a lot,

-- Chris



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Sample program for testing http DELETE or PUT method in tomcat

Posted by Mark Thomas <ma...@apache.org>.
cleegt wrote:
> Dear All,
> 
> For security reasons imposed by my company, I disabled the HTTP DELETE
> and PUT methods in Tomcat, based on some suggested method mentioned on
> the internet. Now I need to test whether the fix is working or not. So
> I am looking for a sample testing program to test the DELETE and PUT
> methods. Does anyone know where I can find such programs?

I assume you realise those methods are disabled in Tomcat by default anyway?

Mark





RE: Sample program for testing http DELETE or PUT method in tomcat

Posted by Martin Gainty <mg...@hotmail.com>.
Andre-

Apache has implemented method handling by hardcoded parameters in /include/httpd.h:
#define M_GET                   0       /* RFC 2616: HTTP */
#define M_PUT                   1       /*  :             */
#define M_POST                  2
#define M_DELETE                3
#define M_CONNECT               4
#define M_OPTIONS               5
#define M_TRACE                 6       /* RFC 2616: HTTP */
#define M_PATCH                 7       /* no rfc(!)  ### remove this one? */
#define M_PROPFIND              8       /* RFC 2518: WebDAV */
#define M_PROPPATCH             9       /*  :               */
#define M_MKCOL                 10
#define M_COPY                  11
#define M_MOVE                  12
#define M_LOCK                  13
#define M_UNLOCK                14      /* RFC 2518: WebDAV */
#define M_VERSION_CONTROL       15      /* RFC 3253: WebDAV Versioning */
#define M_CHECKOUT              16      /*  :                          */
#define M_UNCHECKOUT            17
#define M_CHECKIN               18
#define M_UPDATE                19
#define M_LABEL                 20
#define M_REPORT                21
#define M_MKWORKSPACE           22
#define M_MKACTIVITY            23
#define M_BASELINE_CONTROL      24
#define M_MERGE                 25
#define M_INVALID               26      /* RFC 3253: WebDAV Versioning */

where modules/http/http_protocol.c binds each of the aforementioned methods:
AP_DECLARE(void) ap_method_registry_init(apr_pool_t *p)
{
    methods_registry = apr_hash_make(p);
    apr_pool_cleanup_register(p, NULL,
                              ap_method_registry_destroy,
                              apr_pool_cleanup_null);

    /* put all the standard methods into the registry hash to ease the
       mapping operations between name and number */
    register_one_method(p, "GET", M_GET);
    register_one_method(p, "PUT", M_PUT);
    register_one_method(p, "POST", M_POST);
    register_one_method(p, "DELETE", M_DELETE);
    register_one_method(p, "CONNECT", M_CONNECT);
    register_one_method(p, "OPTIONS", M_OPTIONS);
    register_one_method(p, "TRACE", M_TRACE);
    register_one_method(p, "PATCH", M_PATCH);
    register_one_method(p, "PROPFIND", M_PROPFIND);
    register_one_method(p, "PROPPATCH", M_PROPPATCH);
    register_one_method(p, "MKCOL", M_MKCOL);
    register_one_method(p, "COPY", M_COPY);
    register_one_method(p, "MOVE", M_MOVE);
    register_one_method(p, "LOCK", M_LOCK);
    register_one_method(p, "UNLOCK", M_UNLOCK);
    register_one_method(p, "VERSION-CONTROL", M_VERSION_CONTROL);
    register_one_method(p, "CHECKOUT", M_CHECKOUT);
    register_one_method(p, "UNCHECKOUT", M_UNCHECKOUT);
    register_one_method(p, "CHECKIN", M_CHECKIN);
    register_one_method(p, "UPDATE", M_UPDATE);
    register_one_method(p, "LABEL", M_LABEL);
    register_one_method(p, "REPORT", M_REPORT);
    register_one_method(p, "MKWORKSPACE", M_MKWORKSPACE);
    register_one_method(p, "MKACTIVITY", M_MKACTIVITY);
    register_one_method(p, "BASELINE-CONTROL", M_BASELINE_CONTROL);
    register_one_method(p, "MERGE", M_MERGE);
}

//even if you comment out these hardcoded method assignments you still have to put a patch in for /modules/generators/mod_cgi.c
static int log_script(request_rec *r, cgi_server_conf * conf, int ret,
                      char *dbuf, const char *sbuf, apr_bucket_brigade *bb, 
                      apr_file_t *script_err)
......
    if ((r->method_number == M_POST || r->method_number == M_PUT) &&
        *dbuf) {
        apr_file_printf(f, "\n%s\n", dbuf);
    }
.....

ping me offline as this is definitely not related to TC 
but allows one to compare requisite functionality between TC and Apache

Martin 




> Date: Fri, 19 Jun 2009 08:20:47 +0200
> From: aw@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: Sample program for testing http DELETE or PUT method in tomcat
> 
> cleegt wrote:
> > Dear All,
> > 
> > For security reasons imposed by my company, I disabled the HTTP DELETE
> > and PUT methods in Tomcat, based on some suggested method mentioned on
> > the internet. Now I need to test whether the fix is working or not. So
> > I am looking for a sample testing program to test the DELETE and PUT
> > methods. Does anyone know where I can find such programs?
> > 
> If perl is installed on your system (and otherwise just install it), 
> look at the lwp-request program.
> 
> lwp-request -m (method) URL
> 
> There are a bunch of options that will allow you to see the request 
> content and response details.
> 
> I'm sure there's also a couple of utilities Unix/Linux-side which do 
> similar things.  Maybe curl ?
> 


Re: Sample program for testing http DELETE or PUT method in tomcat

Posted by André Warnier <aw...@ice-sa.com>.
cleegt wrote:
> Dear All,
> 
> For security reasons imposed by my company, I disabled the HTTP DELETE
> and PUT methods in Tomcat, based on some suggested method mentioned on
> the internet. Now I need to test whether the fix is working or not. So
> I am looking for a sample testing program to test the DELETE and PUT
> methods. Does anyone know where I can find such programs?
> 
If perl is installed on your system (and otherwise just install it), 
look at the lwp-request program.

lwp-request -m (method) URL

There are a bunch of options that will allow you to see the request 
content and response details.

I'm sure there's also a couple of utilities Unix/Linux-side which do 
similar things.  Maybe curl ?





Re: Sample program for testing http DELETE or PUT method in tomcat

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Chris,

On 6/18/2009 10:35 PM, cleegt wrote:
> For security reasons imposed by my company, I disabled the HTTP DELETE
> and PUT methods in Tomcat, based on some suggested method mentioned on
> the internet. Now I need to test whether the fix is working or not. So
> I am looking for a sample testing program to test the DELETE and PUT
> methods. Does anyone know where I can find such programs?

How about good old telnet? HTTP is a very readable protocol. Note that
PUT and DELETE are disabled by default in a standard Tomcat install. You
should have to take action to /enable/ these methods.

$ telnet host 80
Trying [ip address]...
Connected to host.
Escape character is '^]'.
DELETE /path/to/resource HTTP1.1

HTTP/1.1 405 Method Not Allowed
Date: Wed, 24 Jun 2009 14:35:07 GMT
Server: Apache
Allow: GET,HEAD,POST,OPTIONS
Content-Length: 319
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method DELETE is not allowed for the URL
/path/to/resource.</p>
<hr>
<address>Apache Server at [host] Port 80</address>
</body></html>
Connection closed by foreign host.

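
The check this thread asks for, as an added example that is not part of any poster's message: a small Python probe that sends PUT and DELETE, records whether each is refused, and also reads the Allow header from OPTIONS to see whether the methods are still advertised. The two handler classes are constructed local stand-ins (not Tomcat), and treating 403, 405 and 501 as "refused" is an assumption of this sketch.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

REFUSED = {403, 405, 501}  # statuses treated as "method refused" (assumption)

class ReadOnlyHandler(BaseHTTPRequestHandler):
    """Constructed local stand-in for a server with PUT/DELETE disabled."""
    allow = "GET,HEAD,POST,OPTIONS"
    write_status = 405

    def _reply(self, status):
        self.send_response(status)
        self.send_header("Allow", self.allow)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_OPTIONS(self): self._reply(200)
    def do_PUT(self): self._reply(self.write_status)
    def do_DELETE(self): self._reply(self.write_status)
    def log_message(self, *args): pass  # silence per-request logging

class WritableHandler(ReadOnlyHandler):  # constructed misconfigured variant
    allow = "GET,HEAD,POST,OPTIONS,PUT,DELETE"
    write_status = 204

def probe(host, port, path, method):
    """Send one body-less request; return (status, Allow header)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Allow", "")
    finally:
        conn.close()

def check_disabled(host, port, path, methods=("PUT", "DELETE")):
    """Return ({method: refused?}, methods still advertised via OPTIONS)."""
    refused = {m: probe(host, port, path, m)[0] in REFUSED for m in methods}
    allow = probe(host, port, path, "OPTIONS")[1]
    advertised = {a.strip().upper() for a in allow.split(",")}
    return refused, sorted(advertised & set(methods))

def run_demo(handler=ReadOnlyHandler):
    with HTTPServer(("127.0.0.1", 0), handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return check_disabled("127.0.0.1", server.server_port, "/no-such-resource")
        finally:
            server.shutdown()
```

When pointing check_disabled at your own server, use a throwaway path: if the methods turn out to be enabled, the PUT or DELETE probe will actually modify the resource.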