Minor configuration updates to ensure PUT is not hijacked by WebDAV module

Author: maartenba

src/NuGet.Server/Core/Helpers.cs

@@ -14,7 +14,7 @@ public static string GetRepositoryUrl(Uri currentUrl, string applicationPath)
 
         public static string GetPushUrl(Uri currentUrl, string applicationPath)
         {
-            return GetBaseUrl(currentUrl, applicationPath) + "nuget";
+            return GetBaseUrl(currentUrl, applicationPath) + "api/v2/package";
         }
 
         public static string GetBaseUrl(Uri currentUrl, string applicationPath)

src/NuGet.Server/Default.aspx

@@ -24,12 +24,12 @@
                 <strong><%= Helpers.GetRepositoryUrl(Request.Url, Request.ApplicationPath) %></strong>
             </blockquote>
             <% if (string.IsNullOrEmpty(ConfigurationManager.AppSettings["apiKey"])) { %>
-            To enable pushing packages to this feed using the nuget command line tool (nuget.exe). Set the api key appSetting in web.config.
+            To enable pushing packages to this feed using the <a href="https://www.nuget.org/downloads">NuGet command line tool</a> (nuget.exe), set the api key appSetting in web.config.
             <% } else { %>
-            Use the command below to push packages to this feed using the nuget command line tool (nuget.exe).
+            Use the command below to push packages to this feed using the <a href="https://www.nuget.org/downloads">NuGet command line tool</a> (nuget.exe).
             <% } %>
             <blockquote>
-                <strong>nuget push {package file} -s <%= Helpers.GetPushUrl(Request.Url, Request.ApplicationPath) %> {apikey}</strong>
+                <strong>nuget.exe push {package file} {apikey} -Source <%= Helpers.GetPushUrl(Request.Url, Request.ApplicationPath) %></strong>
             </blockquote>            
         </fieldset>
 

src/NuGet.Server/Web.config

@@ -69,6 +69,18 @@
       <mimeMap fileExtension=".nupkg" mimeType="application/zip" />
     </staticContent>
     <modules runAllManagedModulesForAllRequests="true">
+      <remove name="WebDAVModule" />
     </modules>
+    <handlers>
+      <remove name="WebDAV" />
+
+      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
+      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,PUT,DEBUG" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
+    </handlers>
+    <security>
+      <requestFiltering>
+        <requestLimits maxAllowedContentLength="31457280" />
+      </requestFiltering>
+    </security>
   </system.webServer>
 </configuration>