httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pito Salas <>
Subject [users@httpd] A newbie question about http post
Date Mon, 04 Oct 2010 18:23:28 GMT
I was having a debate with a friend of mine. Can you clear this up?

Is it true that I can do an http post to any apache/httpd server and
get it to upload a file? It would seem like an application should give
permission, or at least that httpd could be configured so that an
application needs to give permission.

In other words:

<form action="" method="post" multipart="yes">
  <input type="file" name="big"/>
  <input type="submit" value="go"/>

Will the server accept and process all the gazillion bits of the file
even if no application has said it wants it?

I know it's probably a dumb question (he says it is) but it seems to
be such a big opening for a DOS attack that I can't believe it's

Thanks for any insights (or references where the answer is explained)

- Pito

Check out and

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message