httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerry Baker <>
Subject Re: Authentication
Date Thu, 03 Oct 2002 00:12:58 GMT
Joshua Slive says:
> This has the effect of leaving GET unrestricted, according to the bug
> report.  Is this correct behavior?  It seems like, since the other methods
> are not change by the <limitexcept>, the require should still apply to
> them.

That's what I thought at first, but there are two ways of looking at it. 
At first I looked at LimitExcept as a negative declaration. Negative in 
the sense that it meant "ignore GET HEAD POST for the following 
directives". Instead, Apache is treating it as a positive declaration 
that is saying, "do not limit GET HEAD POST". It's a fine distinction, 
but one that may cause confusion.

Jerry Baker

View raw message