httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Fritsch ...@sfritsch.de>
Subject Re: Remove <Limit> and <LimitExcept> ?
Date Sun, 19 Sep 2010 19:05:29 GMT
On Sunday 19 September 2010, Paul Querna wrote:
> This is the module that infrastructure uses (and I wrote) to
> replace use of limits on *.apache.org:
> <https://svn.apache.org/repos/infra/infrastructure/trunk/projects/m
> od_allowmethods/mod_allowmethods.c>
> 
> It was written after the last attack on our servers in which the
> attackers uploaded CGI scripts;  We have some specific use cases
> where we want to allow CGI in some places, but all of them have
> very limited methods they should accept.  Trying to configure
> <Limit for our use case and diverse set of vhosts would of meant
> duplicating the config in hundreds of places.  I don't think the
> module is really great as an alternative, but it is one path to
> consider, and is working for at least one use case :)

Yes, Igor Galic has commited it here and has written some docs:

http://svn.apache.org/viewvc/httpd/sandbox/mod_allowmethods/

I agree that it is useful for some use cases but is not enough as a 
complete Limit/LimtExcept replacement. In any case, I am in favour of 
adding it to trunk.

Mime
View raw message