Date: Thu, 22 Mar 2012 15:07:53 +0000
Subject: Re: TRACE still enabled by default
From: Tom Evans
To: dev@httpd.apache.org

On Wed, Mar 21, 2012 at 7:33 PM, Roy T. Fielding wrote:
> TRACE won't work at all if the most popular end-point doesn't support it.
>
> If folks want to protect clients (including gateways) against their own
> stupidity regarding what they choose to send in a TRACE request, then
> do so by selectively removing some lines from the response and I will
> try to update the standard accordingly.
>
> Turning it off by default is not an option. I will veto that.
>
> ....Roy

How about providing a simpler way of turning it off, rather than
turning it off by default? Arbitrarily, it seems, you can't use Limit
or LimitExcept to restrict it, and instead have to use a RewriteRule.

Cheers

Tom
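
The idea quoted above of selectively removing lines from the TRACE response, sketched as an added example (not code from httpd or from anyone in this thread). The set of fields to drop, the function names and the sample request are assumptions made for illustration.

```python
# Added illustration: build the message/http echo for a TRACE response with
# credential-bearing request header lines removed.
# SENSITIVE is an assumption; the thread does not say which lines to drop.
SENSITIVE = {"authorization", "proxy-authorization", "cookie"}


def trace_echo(raw_request: bytes, sensitive=SENSITIVE) -> bytes:
    """Return the request head to echo back, minus sensitive header fields."""
    head, _, _ = raw_request.partition(b"\r\n\r\n")  # only the head is echoed
    lines = head.split(b"\r\n")
    request_line, header_lines = lines[0], lines[1:]
    if not request_line.startswith(b"TRACE "):
        raise ValueError("not a TRACE request")

    kept = [request_line]
    dropping = False
    for line in header_lines:
        if line[:1] in (b" ", b"\t"):
            # Folded continuation line: it shares the fate of the field it
            # continues, otherwise the tail of a folded cookie would leak.
            if not dropping:
                kept.append(line)
            continue
        name, sep, _ = line.partition(b":")
        # A line without a colon is malformed; drop it rather than echo it.
        dropping = (not sep) or name.strip().decode("latin-1").lower() in sensitive
        if not dropping:
            kept.append(line)
    return b"\r\n".join(kept) + b"\r\n\r\n"


def trace_response(raw_request: bytes) -> bytes:
    """Wrap the filtered echo in a 200 response of type message/http."""
    body = trace_echo(raw_request)
    return (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: message/http\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed sample request (not taken from the thread).
SAMPLE = (b"TRACE / HTTP/1.1\r\n"
          b"Host: www.example.com\r\n"
          b"Cookie: session=abc123;\r\n"
          b"\tprefs=dark\r\n"
          b"Authorization: Basic dXNlcjpwYXNz\r\n"
          b"Max-Forwards: 3\r\n\r\n")

if __name__ == "__main__":
    print(trace_response(SAMPLE).decode("latin-1"))
```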