httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Takacs Istvan" <istvan.tak...@hungax.com>
Subject Strange PUT method behavior?
Date Sat, 12 Jan 2002 14:17:11 GMT
Hi,

Red Hat 7.2, Apache 1.3.22

One of our server has that kind of directory structure
what enables for apache user to upload files.
How can I disable to upload files other than the
usage of a browser?
If I telnet to port 80, and use HTTP commands,
then I get this messages:

[root@server]# telnet www.developer.com 80
Trying 192.168.100.54...
Connected to www.developer.com.
Escape character is '^]'.
PUT /path/to/writable/directory /etc/sysconfig/sendmail HTTP/1.1
Host: www.developer.com

HTTP/1.1 301 Moved Permanently
Date: Fri, 11 Jan 2002 18:52:51 GMT
Server: Apache/1.3.22
Location: http://www.developer.com/path/to/writable/directory/
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>301 Moved Permanently</TITLE>
</HEAD><BODY>
<H1>Moved Permanently</H1>
The document has moved <A
HREF="http://www.developer.com/path/to/writable/directory/">here</A>.<P>
<HR>
<ADDRESS>Apache/1.3.22 Server at www.developer.com Port 80</ADDRESS>
</BODY></HTML>
Connection closed by foreign host.

I couldn't find the sendmail file in the given directory, but it's not a
good
Apache message for me.
Can I protect somehow our server from the illegal file uploads?

Thanks in advance!

Regards,

                  Istvan


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message