
   
   ______________________________________________________________________
   
Module mod_put

   RD-LV-003-061197
   ______________________________________________________________________
   ______________________________________________________________________
   
Introduction

   This small module implements the HTTP/1.1 PUT and DELETE methods.
       Please notice that it can be a big security hole to activate them
       without securing the web server.
       
                             [1]Download mod_put.c
                                       
Configuration

    Integrating into Apache - compiling and linking To link the put
       module with Apache, you must rebuild Apache from its sources with
       adding mod_put in the configuration file:
       
    1. Copy mod_put.c in Apache sources' directory
    2. Edit Configuration file according your installation
    3. Run the Configure script to rebuild the makefile
    4. Build Apache by typing make
    5. Install the brand new httpd program
    6. Edit the web server configuration files (typically httpd.conf and
       access.conf)
    7. Restart the web daemon
       
    Example of a Configuration file
    
...

Module mime_module         mod_mime.o

Module access_module       mod_access.o
Module auth_module         mod_auth.o
Module negotiation_module  mod_negotiation.o
Module includes_module     mod_include.o
Module dir_module          mod_dir.o
Module cgi_module          mod_cgi.o

...

#
# Miscellaneous modules
#

Module put_module       mod_put.o

  httpd.conf Directives
  
   EnablePut On|Off
       default value: Off
       context: Directory or Location
       effect: Enables (or disables) the PUT method.
       remarks: Before enabling the PUT method, be sure your server is
       secure.
       Documents will be created with the rights of the user running
       httpd, be sure to adjust the access rights accordingly.
   EnableDelete On|Off
       default value: Off
       context: Directory or Location
       effect: Enables (or disables) the DELETE method.
       remarks: Before enabling the DELETE method, be sure your server is
       secure.
   umask octal_value
       default value: 007
       context: Directory or Location
       effect: sets the umask for a whole directory (see umask(1)).
       
   Allways ensure that write access is limited to trusted users: a
   malicious user could upload huge files to freeze the file system. In
   particular, never allow an anonymous write access if your web server
   is on the same filesystem as your system or your users.
       
       
  Example
  
<Location /pub>
EnablePut On
AuthType Basic
AuthName Web publishing
AuthUserFile /www/etc/passwd
AuthGroupFile /www/etc/group
<Limit PUT>
require valid-user
</Limit>
</Location>

Known bugs

    1. The Publish function of Netscape Gold 3.01 sometimes doesn't work:
       it returns quickly without any error message nor access to server.
    2. Depending on the rights you assigned to webuser (the user owning
       the httpd process), uploaded files can be inaccessible for local
       users (quite benefic), including the web administrator (not good
       at all), so adjust the umask adequately.
       
    This software is in its first beta phase, please do not hesitate to
                        send any comment, remark to
       
                                      
    [2]vincent@hpwww.ec-lyon.fr

References

   1. http://hpwww.ec-lyon.fr/~vincent/apache/mod_put.c
   2. mailto:vincent@hpwww.ec-lyon.fr
