https://bz.apache.org/bugzilla/show_bug.cgi?id=65481

            Bug ID: 65481
           Summary: PUT request considered as GET by "require " directives
           Product: Apache httpd-2
           Version: 2.4.29
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: regression
          Priority: P2
         Component: mod_authz_core
          Assignee: bugs@httpd.apache.org
          Reporter: aji...@qualys.com
  Target Milestone: ---

Error

2021-08-05T06:49:12+00:00 <hostname> httpd[15433]: [authz_core:error] [pid 15433] [client 10.44.x.xx:60101] AH01630: client denied by server configuration: /home/www/xxxx/php/receiver/Upload/Queued/file3.txt


Curl request

curl -kv -u "$UPDLOGIN:$UPDPASS" -T /root/install.log "$NOCURL/receiver/Upload/Queued/file3.txt" 2>&1



Httpd/access_log

10.44.1.17 - <username> [05/Aug/2021:06:53:23 +0000] "PUT /receiver/Upload/Queued/file3.txt HTTP/1.1" 200 - "-" "curl/7.71.1" 17102 0


httpd.conf


 <Directory "/home/www/XXX/php/receiver/Upload">
     require method PUT
     AllowOverride All
     Options -Indexes +FollowSymLinks -Includes
     AuthName      "NocHost"
     AuthType      Basic
     AuthUserFile  /home/www/XXX/conf/htpasswd_host
     Script PUT /receiver/put.php
     <Limit PUT>
         require valid-user
     </Limit>
 </Directory>


Conclusion:

If the require clause is modified as follows, it overcomes the errors, but I
expect to limit the requests to the PUT method only.

     require method PUT GET


Here the PUT requests are considered as GET methods and hence generate errors
if GET requests are blocked.
