English 中文(简体)
RESTful PUT and DELETE and firewalls
原标题:

In the classic "RESTful Web Services" book (O Reilly, ISBN 978-0-596-52926-0) it says on page 251 "Some firewalls block HTTP PUT and DELETE but not POST."

Is this still true?

If it s true I have to allow overloaded POST to substitute for DELETE.

最佳回答

Firewalls blocking HTTP PUT/DELETE are typically blocking incoming connections (to servers behind the firewall). Assuming you have controls over the firewall protecting your application, you shouldn t need to worry about it.

Also, firewalls can only block PUT/DELETE if they are performing deep inspection on the network traffic. Encryption will prevent firewalls from analyzing the URL, so if you re using HTTPS (you are protecting your data with SSL, right?) clients accessing your web service will be able to use any of the standard four HTTP verbs.

时间:2009-12-04 18:51:48
问题回答

Some 7 layer firewalls could analyze traffic to this degree. But I m not sure how many places would configure them as such. You might check on serverfault.com to see how popular such a config might be (you could also always check with your IT staff)

时间:2009-12-01 20:47:38

I would not worry about overloading a POST to support a DELETE request.

HTML 4.0 and XHTML 1.0 only support GET and POST requests (via ) so it is commonplace to tunnel a PUT/DELETE via a hidden form field which is read by the server and dispathced appropriately. This technique preserves compatibility across browsers and allows you to ignore any firewall issues.

Ruby On Rails and .NET both handle RESTful requests in this fashion.

As an aside GET, POST, PUT & DELETE requests are fully supported through the XMLHttpRequest request object at present. XHTML 2.0 s officially supports GET, POST, PUT & DELETE as well.

时间:2009-12-04 17:58:35

You can configure a firewall to whatever you want ( at least in theory ) so don t be surprised if some sys admins do block HTTP PUT/DELETE.

The danger of HTTP PUT/DELETE is concerning some mis-configured servers: PUT replaces documents (and DELETE deletes them ;-) on the target server. So some sys admins decide up right to block PUT in case a crack is opened somewhere.

Of course we are talking about Firewalls acting at "layer 7" and not just at the IP layer ;-)

时间:2009-12-01 20:48:01


上一篇:
下一篇:


相关问题
Allow RESTful DELETE method in asp.net mvc?

im currently setting up asp.net to accept DELETE http verb in the application. However, when i send "DELETE /posts/delete/1" i always get a 405 Method not allow error. I tried to take a look at ...

时间:2009-11-17 18:46:38 回答:1 展示:1
Most appropriate API for URL shortening service

I ve just finished an online service for shortening URLs (in php5 with Zend Framework); you can enter an URL and you get an short URL (like tinyurl and such sites). I m thinking about the API for ...

时间:2009-11-16 13:11:03 回答:4 展示:1
Use HTTPClient or HttpUrlConnection? [closed]

We re implementing a REST client on JRE 1.4. Seems two good options for a client REST framework are HttpClient and HttpUrlConnection. Is there a reason to use HttpClient over the JRE s ...

时间:2009-11-16 00:59:55 回答:7 展示:1
Why can t I find the truststore for an SSL handshake?

I m using the Spring RESTTemplate on the client side to make calls to a REST endpoint. The client in this case is a Spring app and Tomcat is the servlet container. I m running into issues making a ...

时间:2009-11-12 22:30:29 回答:2 展示:1
Which Http redirects status code to use?

friendfeed.com uses 302. bit.ly uses 301. I had decided to use 303. Do they behave differently in terms of support by browsers ?

时间:2009-11-12 11:36:52 回答:5 展示:1
Three Step Buyonline The RESTful way

We are re-developing our buyonline functionality and we are doing it the RESTful way. The process is a three step one and the customer is asked to enter data at each step. Let s say the three URL s ...

时间:2009-11-10 22:21:00 回答:2 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全