Ravens PHP Scripts: Forums
 

 

sixonetonoffun
Spouse Contemplates Divorce



Joined: Jan 02, 2003
Posts: 2496

Posted: Tue Sep 21, 2004 1:49 pm

As reported here:
http://isc.sans.org/diary.php?isc=228bfce5af8d06b80afacd1b8d1ffc56
PUT requests are still being used to deface websites. Why take the risk?
You can easily add PUT to the Nuke Sentinel Request Method blocker and/or in your htaccess.

chatserv
Member Emeritus



Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

Posted: Tue Sep 21, 2004 2:05 pm

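Code:
<Limit PUT>
  # Deny,Allow: Deny rules are evaluated first, then Allow overrides them
  # for the listed address. With "Order Allow,Deny" the "Deny from all"
  # line would win and block the allowed IP as well.
  Order Deny,Allow
  Deny from all
  # Replace with your own IP address
  Allow from xx.xx.xxx.xxx
</Limit>

<Limit GET POST>
  Order Allow,Deny
  Allow from all
</Limit>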
 
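An added example, not part of the original thread: a log check for the PUT activity discussed above, separating PUT requests the server accepted (2xx) from those it refused, run over constructed sample lines in Apache's common log format. The function name `audit_put_requests` and its `trusted_ips` parameter are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format:
# host ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Sep/2004:13:40:01 -0600] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [21/Sep/2004:13:41:12 -0600] "PUT /index.html HTTP/1.1" 201 0
198.51.100.7 - - [21/Sep/2004:13:41:15 -0600] "PUT /images/logo.gif HTTP/1.1" 403 210
203.0.113.5 - - [21/Sep/2004:13:45:30 -0600] "POST /modules.php HTTP/1.1" 200 812
203.0.113.9 - - [21/Sep/2004:13:50:02 -0600] "PUT /default.htm HTTP/1.0" 405 198
this line is malformed and must be skipped
"""


def audit_put_requests(lines, trusted_ips=()):
    """Return (accepted, rejected) for PUT requests from untrusted hosts.

    accepted: list of (host, path, status) where the server answered 2xx,
              i.e. the PUT was honoured and the target file needs review.
    rejected: Counter of hosts whose PUT attempts got a non-2xx answer.
    """
    accepted, rejected = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "PUT" or m["host"] in trusted_ips:
            continue
        status = int(m["status"])
        if 200 <= status < 300:
            accepted.append((m["host"], m["path"], status))
        else:
            rejected[m["host"]] += 1
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = audit_put_requests(SAMPLE_LOG.splitlines())
    for host, path, status in accepted:
        print(f"PUT ACCEPTED ({status}) from {host}: {path} - review this file")
    for host, count in rejected.items():
        print(f"{count} PUT attempt(s) rejected from {host}")
```

Once the `<Limit PUT>` block is active, PUT requests from addresses other than the allowed one should appear only in the rejected set.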
oprime2001
Worker



Joined: Jun 04, 2004
Posts: 119
Location: Chicago IL USA

Posted: Tue Sep 21, 2004 3:52 pm

From the linked sec article, placing a restriction on PUT requests would deny file uploads, correct? If so, if I have uploading in a module enabled (e.g. photos in coppermine by registered members), and place a PUT request restriction, the uploading (by members) would fail, correct?
 
Muffin
Client



Joined: Apr 10, 2004
Posts: 649
Location: UK

Posted: Tue Sep 21, 2004 6:04 pm

Would it also affect members uploading their own avatars?

_________________
Classic Mini rules the bends & bends the rules!
All times are GMT - 6 Hours
 