NANOWEB, the aEGiS PHP web server

PUT request method

The PUT request method as defined in RFC2068 (HTTP/1.1) allows clients to upload files to the server much like with FTP. This is normally not desired, so it is encapsulated into an extension module for Nanoweb.

The PUT file upload feature should only be enabled for some dedicated directories using the WriteAccess directive in one of the .nwaccess files. Additionally to this, files can only be overwritten if they were made "world-writable" using chmod o+rw example.file. You could also make a whole directory writeable or chown the writeable files to the user or group id Nanoweb runs with.

Important: For your security you really should make only single files writeable or disable executing of CGI scripts in a dedicated directory, or else anybody may execute arbitrary script code on your server and thus easily spy sensitive data. See the ForceHandler directive on how to prevent uploaded files from being parsed as cgi scripts.
Also very important is to keep the setting "IgnoreDotFiles=1", or else anybody would be able to remove your .nwaccess file.

bugreports are welcome: mario@erphesfurt·de

NANOWEB, the aEGiS PHP web server