Accessory Scripts

In addition to having a fully configurable CGI script interface to handle form requests, W3C httpd has a few special directives to handle certain tasks always via CGI scripts:

keyword searches
general POST
general PUT
general DELETE

Keyword Search Facility

Server automatically calls a script to perform search, if the absolute pathname of search script is supplied by a Search directive in the configuration file:

        Search /search/script/pathname

This script is called with the vital information in the following CGI environment variables:

PATH_INFO: contains the virtual URL of the file from where the query was issued from.
PATH_TRANSLATED: contains the physical filename of the document corresponding to the virtual URL in PATH_INFO.
QUERY_STRING: contains the (URL-encoded) keywords, which are also available decoded as command line parameters, one in each of argv[1], argv[2], ...

Search script must conform to CGI/1.1 rules, that is, it has to start its output with a MIME header followed by a blank line, after which comes the actual document. MIME header must contain either a Location: field, or a Content-Type: field, typically:

        Content-Type: text/html

if the document is an HTML document.

General POST Method Handler Script

POST requests are handled by calling the script defined by POST-Script directive:

        POST-Script  /absolute/path/post-handler

POST handler script is called in the normal CGI manner, and its output must be CGI compliant.

Note: Only such POST requests are handled by the POST handler that haven't already matched an Exec rule (which causes a specified script to be called).

General PUT Method Handler Script

PUT requests are handled by calling the script defined by PUT-Script configuration directive:

        PUT-Script  /absolute/path/put-handler

PUT handler script is called in the normal CGI manner, and its output must be CGI compliant.

Note: By default PUT method is disabled; you must explicitly enable it in the configuration file:

        Enable PUT

This is to enhance security.

IMPORTANT: Since PUT can be a very dangerous method because it allows files to be written back to the server, it is not possible to use PUT without access authorization module being activated. This means that you have to have at least a DefProt rule specifying a default protection setup, which then in turn defines the PutMask containing the list of allowed users and hosts to perform PUT operation.

General DELETE Method Handler Script

DELETE requests are handled by calling the script defined by DELETE-Script configuration directive:

        DELETE-Script  /absolute/path/put-handler

DELETE handler script is called in the normal CGI manner, and its output must be CGI compliant.

Note: By default DELETE method is disabled; you must explicitly enable it in the configuration file:

        Enable DELETE

This is to enhance security.

IMPORTANT: Since DELETE can be a very dangerous method because it allows files to be deleted from the server, it is not possible to use DELETE without access authorization module being activated. This means that you have to have at least a DefProt rule specifying a default protection setup, which then in turn defines the DeleteMask containing the list of allowed users and hosts to perform DELETE operation.

httpd@w3.org, July 1995