W3C home > Mailing lists > Public > www-rdf-interest@w3.org > March 2004

Re: Making MGET more GET-friendly?

From: Dirk-Willem van Gulik <dirkx@asemantics.com>
Date: Fri, 12 Mar 2004 17:38:03 +0100
Message-Id: <A215D542-7443-11D8-8408-000A95CDA38A@asemantics.com>
Cc: www-rdf-interest@w3.org, Sandro Hawke <sandro@w3.org>, Patrick Stickler <patrick.stickler@nokia.com>, David Powell <djpowell@djpowell.net>
To: "Phil Dawes" <pdawes@users.sourceforge.net>


On Mar 12, 2004, at 12:11 PM, Phil Dawes wrote:

> Sandro Hawke writes:
>>
>> Also, is it possible to make a typical Hosting service Apache user
>> account answer MGET?   Does it at least get through to CGI?
>
> I'm afraid not. With the hosted-apache setups I've used you can't even
> do a PUT or DELETE to a cgi (AFAIK apache has to be specifically
> configured to let this through).

I'd hate to spoil the fun here - but you need a fair bit of hacking in 
the
core of apache 1.3 (not a simple module) to add MGET cleanly. Easiest
is to catch it early; rewrite it into a GET; and cause an internal 
redirect
to have the method number set before passing it down deeper. See
http_protocol.c and http_core.c for details; specifically the function
ap_method_number_of(). 2.0 makes it a bit easier. However if you
are running a very open web server (and have no complex method
or other restrictions) then adding MGET is not too bad. Just do make
sure you understand the xs control limitations and document the
results further down the chain.

Given the amount of attacks, cross site scripting and all sorts of 
client
sideabuse out there; convincing the apache developers or the ISPs
to simply add and enable an extra method is not going to be
easy. Have a look at the history for TRACE and the supposedly
blame laid onto the servers to get an idea of how 'unjust' this world
is (which was purely a client side issue; yet it gets spun in a way
which makes operators wary - and cased ISPs to restrict to the brim).

Dw
Received on Friday, 12 March 2004 11:38:23 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 18 February 2014 13:20:07 UTC