We are familiar with HTTP The request method is GET,POST and HEAD. however , Except for these two ,HTTP There are other request methods .
WebDAV （Web-based Distributed Authoring and Versioning） Based on
HTTP 1.1 Protocol communication protocol . It expands HTTP 1.1, stay GET,POST,HEAD Wait a few HTTP Some new methods have been added to the standard method , Make applications available for Web
Server Direct reading and writing , And support write file locking (Locking) And unlock (Unlock), It also supports version control of files .
WebDAV Although it is convenient for the website administrator to manage the website , But it also brings new security risks !
* PUT： because PUT The method has no verification mechanism , utilize PUT Method can upload files to the server , Therefore, malicious attackers can upload malicious files such as Trojans .
* DELETE： utilize DELETE Method to delete specific resource files on the server , Causing malicious attacks .
* OPTIONS： The server information will be exposed , Such as middleware version , Supported HTTP Methods, etc .
* TRACE： Can echo requests received by the server , It is mainly used for testing or diagnosis , Generally, there are reflective cross site vulnerabilities
Here are WebDAV Supported HTTP Request method .
method describe GET Get Length is limited to 1024, Very fast , unsafe , stay URL You can see it in it ,URL Submit parameters to ? separate , For multiple parameters & connect , Request the specified page information , And return the entity body .
HEAD be similar to get request , It's just that there is no specific content in the returned response , Used to get the header POST
The length is generally unlimited , Limited by middleware , slower , security ,URL It's not visible in it . Request parameters in packet request body in PUT Upload its latest content to the specified resource location DEL