- From: Dirk-Willem van Gulik <dirkx@asemantics.com>
- Date: Fri, 12 Mar 2004 17:38:03 +0100
- To: "Phil Dawes" <pdawes@users.sourceforge.net>
- Cc: www-rdf-interest@w3.org, Sandro Hawke <sandro@w3.org>, Patrick Stickler <patrick.stickler@nokia.com>, David Powell <djpowell@djpowell.net>
On Mar 12, 2004, at 12:11 PM, Phil Dawes wrote: > Sandro Hawke writes: >> >> Also, is it possible to make a typical Hosting service Apache user >> account answer MGET? Does it at least get through to CGI? > > I'm afraid not. With the hosted-apache setups I've used you can't even > do a PUT or DELETE to a cgi (AFAIK apache has to be specifically > configured to let this through). I'd hate to spoil the fun here - but you need a fair bit of hacking in the core of apache 1.3 (not a simple module) to add MGET cleanly. Easiest is to catch it early; rewrite it into a GET; and cause an internal redirect to have the method number set before passing it down deeper. See http_protocol.c and http_core.c for details; specifically the function ap_method_number_of(). 2.0 makes it a bit easier. However if you are running a very open web server (and have no complex method or other restrictions) then adding MGET is not too bad. Just do make sure you understand the xs control limitations and document the results further down the chain. Given the amount of attacks, cross site scripting and all sorts of client sideabuse out there; convincing the apache developers or the ISPs to simply add and enable an extra method is not going to be easy. Have a look at the history for TRACE and the supposedly blame laid onto the servers to get an idea of how 'unjust' this world is (which was purely a client side issue; yet it gets spun in a way which makes operators wary - and cased ISPs to restrict to the brim). Dw
Received on Friday, 12 March 2004 11:38:23 UTC