iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

341

342

343

344

345

346

347

348

349

350

Configuration Directives

iTP Secure WebServer System Administrator’s Guide—522659-001

A-38

PutScript

Syntax

PutScript CGI-script-filename

Description

Use the PutScript directive to indicate that you wish the iTP Secure WebServer to

support the PUT method defined by the HTTP/1.1 protocol. The PUT method stores a

new page or replaces an existing page on the host.

If you do not include this directive, a client can upload content to the host by using the

File Transfer Protocol (FTP) or the POST request method. The differences in operation

among FTP, POST, and PUT are as follows:

•

FTP copies a file to a specified location. Filemap directives in your configuration

file determine the correspondence between URLs and file locations on the server.

•

POST sends data, for example input from a form, to the resource specified by the

URL in the request. For example, the URL could identify an application that accepts

data, a gateway that forwards data, or a resource such as a newsgroup or a database

that can have items added to it.

•

PUT differs from POST in that the content sent in the request is stored under the

specified URL, replacing any content that might have been store there previously.

Clearly, there are security concerns when a client can directly update content on the

server. To use PUT safely, you must provide a CGI script that authenticates the client

and performs any other necessary functions to determine whether the client should be

permitted to make the requested update. Note that this script must include the following

environment variables: PATH_INFO, PATH_TRANSLATED, and SCRIPT_NAME.The

variable CGI-script-filename is required and specifies the location of the script

that performs these functions for the server or within the region.

The iTP Secure WebServer returns an error to the client upon receiving a PUT request in

any of the following cases:

•

If the PutScript directive is not specified for the server or the region to which

the request applies, the iTP Secure WebServer returns the error (404

NOT_FOUND).

•

If the PutScript request is specified but does not include CGI-script-location, the

startup fails.

•

If the PutScript request is specified but the specified script cannot be found, the

iTP Secure WebServer returns the error (404 NOT_FOUND).

•

If the client does not support HTTP/1.1 or later, the iTP Secure WebServer returns

the error (400 BAD-REQUEST)