Web Server allowing the HTTP PUT Method

    • #7696
      tyr3ll
      Participant

      Hello!
      As everyone knows the PUT Method can be a concern when allowed on webservers.
      I’ve been through some tests which raise questions I’d like to submit here:

      Using the OPTIONS method, we ask the server what methods are allowed
      for the root path ‘/’ :
      hey@nix:~/# echo -e "OPTIONS / HTTP/1.0\n" | nc -v server 80

      HTTP/1.0 200 OK
      Date: Tue, 03 Jul 2012 13:06:15 GMT
      Server: Apache/1.3.27 (Unix) PHP/4.3.9
      Content-Length: 0
      Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE

      Great, the apache server says PUT is allowed for ‘/’.
      Now, we know there are the following directories on the server:
      /c/
      /manual/
      /icons/

      Issuing the OPTIONS method again on the ‘/c/’ directory gives us:
      hey@nix:~/# echo -e "OPTIONS /c/ HTTP/1.0\n" | nc -v server 80

      HTTP/1.0 200 OK
      Date: Tue, 03 Jul 2012 13:16:55 GMT
      Server: Apache/1.3.27 (Unix) PHP/4.3.9
      Content-Length: 0
      Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE

      The very same results as for the ‘/’ root directory: PUT is ALLOWED.
      Now, the ‘/manual/’ directory says the same.
      However for the ‘/icons/’ dir, the server answers that only GET, HEAD, OPTIONS, TRACE
      are allowed.

      Well, trying to use the PUT Method to upload a .txt file to the root folder or to ‘/manual/’
      gets a negative response:
      “405 Method Not Allowed
      The requested method PUT is not allowed for the URL /manual/test.txt.”

      Of course the directory I’m trying to upload something to should also be writable
      for the PUT to succeed, but why then is the HTTP response telling us that PUT is not allowed?

      More important, why do some directories reply that PUT is allowed and some don’t?

    • #47983
      zeroflaw
      Participant

      Hmm not sure. Well, I guess the permissions are set differently for those directories. To be honest I don’t know why the PUT command isn’t working, but I’m guessing it has something to do with the server configuration. Maybe the PUT method is allowed, but not implemented or mapped to the correct handler.

      You could just search on Google about the 405 error code in relation to the PUT method. Also look for some info about WebDAV. Someone else might have a better answer 😛

    • #47984
      tyr3ll
      Participant

      Thanks for your reply ZF.
      Your guess sounds logical (something wrong on server side config or implementation),
      because if the PUT method is correctly handled by the server, I should get a “403 Forbidden” or “401 Unauthorized” which would indicate a write permissions issue on the remote folder.
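
An added example, not part of the original thread: a small audit helper that parses captured OPTIONS responses, lists the write-capable methods each path advertises, and reconciles the Allow header with the status a PUT actually returned, following the reasoning in the posts above. The function names, labels and sample strings are constructed for illustration.

```python
# Added example; sample responses are constructed from the output quoted in the thread.
WRITE_METHODS = {"PUT", "DELETE", "PATCH", "PROPPATCH", "MKCOL", "COPY", "MOVE"}

def parse_response(raw):
    """Return (status_code, headers) from a raw HTTP response string."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [l for l in head.split("\n") if l.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def advertised_methods(options_raw):
    """Methods listed in the Allow header of an OPTIONS response."""
    _, headers = parse_response(options_raw)
    return {m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()}

def classify(options_raw, put_status):
    """Reconcile what OPTIONS advertises with what a PUT on the same path returned."""
    if "PUT" not in advertised_methods(options_raw):
        return "not advertised"
    if put_status == 405:
        return "advertised but not handled"  # Allow header and real behaviour disagree
    if put_status in (401, 403):
        return "handled, blocked by access control"
    if put_status in (200, 201, 204):
        return "writable: fix required"
    return "inconclusive"

# Constructed samples mirroring the responses for /manual/ and /icons/.
OPTIONS_MANUAL = (
    "HTTP/1.0 200 OK\r\nServer: Apache/1.3.27 (Unix) PHP/4.3.9\r\nContent-Length: 0\r\n"
    "Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, "
    "MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE\r\n\r\n")
OPTIONS_ICONS = "HTTP/1.0 200 OK\r\nContent-Length: 0\r\nAllow: GET, HEAD, OPTIONS, TRACE\r\n\r\n"

if __name__ == "__main__":
    samples = [("/manual/", OPTIONS_MANUAL, 405), ("/icons/", OPTIONS_ICONS, 405)]
    for path, raw, put_status in samples:
        risky = sorted(advertised_methods(raw) & WRITE_METHODS)
        print(path, "->", classify(raw, put_status), "| write-capable advertised:", risky)
```

For an audit report, the paths that come back as "advertised but not handled" are the ones where the Allow header alone would overstate the exposure.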


Copyright ©2021 Caendra, Inc.
