From Wikibooks, open books for an open world
Jump to navigation Jump to search

The Apache web server is the most popular web server on the Internet. It provides high-performance web pages serving and is very secure.

By default, the out-of-the box Apache server does not allow users to write files to a web server. This is done for security reasons.

WARNING: The following should only be used on Intranet servers and should be reviewed by security professionals in your organizations.

Steps to Configure Apache HTTP Server to Enable "PUT" Operations

[edit | edit source]
  1. Download and install the HTTP Server from apache.org. I am using v2.2.4
  2. Verify that it is serving up regular xhtml files like you think it should
  3. Stop the service
  4. In your httpd.conf uncomment the LoadModule for dav_module and dav_fs_module also uncomment the line "Include conf/extra/httpd-dav.conf" so that the httpd-dav.conf is loaded
  5. edit conf/extras/httpd-dav.conf and change the 'uploads' alias and directory to be what you want them to be. They should match, of course.
  6. To authenticate users you can use the htpasswd command line program to create the password and put it in the uploads directory. Of course, you can also disable password protection during the testing phase of your project.

Sample httpd-dav.conf file

[edit | edit source]

This is what the beginning of my httpd-dav.conf looked like when it was done:

   DavLockDB "E:/httpd/Apache2.2/var/DavLock"
   Alias /uploads "C:/www/xforms/uploads"

   <Directory "C:/www/xforms/uploads">
   Dav On

   Order Allow,Deny
   Allow from all

#AuthType Digest

   AuthType Basic
   AuthName DAV-upload

# You can use the htdigest program to create the password database:
# htdigest -c "E:/httpd/Apache2.2/user.passwd" DAV-upload admin
# AR: I used htpasswd -> htpasswd -c "C:/www/xforms/uploads/user.passwd" admin
#AuthUserFile "E:/httpd/Apache2.2/user.passwd"
   AuthUserFile "C:/www/xforms/uploads/user.passwd"

# Allow universal read-access, but writes are restricted
# to the admin user.
   <LimitExcept GET OPTIONS>
      require user admin

Restarting Apache

[edit | edit source]

After you make any changes to the Apache config files you must restart Apache using the Apache restart command such as:

  apachectl restart


 apachectl stop
 apachectl start

If you have problems, make sure to check the Apache log file. If you get errors you may not have the permissions set correctly for the folder that your form is writing to.

Checking the Access Log File

[edit | edit source]

If your forms do not save, you can also check the Apache access log files. They are usually located in a directory such as:

  Windows: C:\Program Files\Apache Software Foundation\Apache2.2\logs\access.log

If you see a line such as: - - [08/Feb/2007:16:58:01 -0600] "PUT /forms/data.xml HTTP/1.1" 405 235

This indicates that you are getting a HTTP 405 error: Method Not Allowed. A 405 status code is returned when the client has tried to use a "request method" such as PUT or POST that the server does not allow. This means you don't yet have your configuration correct and that your XForms will not save its data.


[edit | edit source]

This example was suggested by Aaron Reed from IBM Corporation Austin TX.