HTTP/s

• Creating a secure web server for file upload operations.

Nginx - Enabling PUT

A good alternative for Transferring files to Apache is Nginx because the configuration is less complicated, and the module system does not lead to security issues as Apache can.

When allowing file uploads through HTTP, you must ensure users can't upload and run malicious scripts like web shells, as Apache can easily execute files ending in PHP, while setting up Nginx to do the same is more complex.

Create a Directory to Handle Uploaded Files

sudo mkdir -p /var/www/uploads/SecretUploadDirectory

Change the Owner to www-data

sudo chown -R www-data:www-data /var/www/uploads/SecretUploadDir

Create Nginx Configuration File

Create the Nginx configuration file by creating the file /etc/nginx/sites-available/upload.conf with the contents:

server {
    listen 9001;
    
    location /SecretUploadDirectory/ {
        root    /var/www/uploads;
        dav_methods PUT;
    }
}

Symlink our Site to the sites-enabled Directory

sudo ln -s /etc/nginx/sites-available/upload.conf /etc/nginx/sites-enabled/

Start Nginx

sudo systemctl restart nginx.service

If we get any error messages, check /var/log/nginx/error.log. If using Pwnbox, we will see port 80 is already in use.

Verifying Errors