为什么某些请求会出现 HTTP 501 错误?

Why do I get HTTP 501 errors for certain requests?

我为自己编写了一个简单的网络应用程序,当我在一个只允许 http 和 https 端口的地方时,我可以在我的服务器上编辑文件...

但是我遇到了一个奇怪的问题。

通常这些 headers 在我保存文件时交换(机密信息已删除):

https://example.com/?

POST /? HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: hu-HU,en-US;q=0.8,hu;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://example.com/?path=/home/csirmazd/public_html/[...]/fs/view/login.php&view=preview
Cookie: [...]
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 644
[...]

HTTP/1.1 303 See Other
Date: Sat, 28 Mar 2015 14:57:40 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
X-Powered-By: PHP/5.4.36
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: ?path=/home/csirmazd/public_html/[...]/fs/view/login.php&view=preview
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
----------------------------------------------------------
https://example.com/?path=/home/csirmazd/public_html/[...]/fs/view/login.php&view=preview

GET /?path=/home/csirmazd/public_html/[...]/fs/view/login.php&view=preview HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: hu-HU,en-US;q=0.8,hu;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://example.com/?path=/home/csirmazd/public_html/[...]/fs/view/login.php&view=preview
Cookie: [...]
Connection: keep-alive

HTTP/1.1 200 OK
Date: Sat, 28 Mar 2015 14:57:40 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
X-Powered-By: PHP/5.4.36
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
----------------------------------------------------------

但是当我尝试保存另一个特定文件时,即 dir.php 有些不同:

https://example.com/?

POST /? HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: hu-HU,en-US;q=0.8,hu;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://example.com/?path=/home/csirmazd/public_html/[...]/fs/view/dir.php&view=preview
Cookie: [...]
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4604
[...]

HTTP/1.1 501 Method Not Implemented
Date: Sat, 28 Mar 2015 15:03:04 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Allow: TRACE
Content-Length: 458
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
----------------------------------------------------------

浏览器中的消息是

GET to / not supported.

什么?那为什么它对其他一切都有效?

底层 PHP 代码根本没有被调用。

起初我认为这是一个有问题的 .htaccess。但是如果我记得我禁用了它,在根目录中有一个 RewriteEngine On 。所以我不认为这是问题所在。 (它仍然通过调用 index.php 来处理 example.com/。)

我的第二个想法是 POST 请求的最大大小非常小。但是我可以毫无问题地编辑更大的文件。

现在我 运行 没有想法,我不知道去哪里找。

有什么想法吗?

问题的根源似乎是托管提供商在 Apache 服务器上安装的 ModSecurity 模块。

others had issues with it too on a different site.

所以我尝试了一个实验,将相同的内容发布到一个随机的 URI,但得到了和以前一样的错误。显然,当您从表单提交代码时,这个东西不喜欢。

所以显而易见的解决方案是将其关闭。

在我的特殊情况下,我的 cPanel 中没有关闭它的选项,所以我设法通过在客户端对表单内容进行 base64 编码来绕过它。