httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From MadHat <mad...@unspecific.com>
Subject OPTIONS Results
Date Wed, 17 Apr 2002 15:43:29 GMT

I hope this makes sense.

When sending an OPTIONS request to an apache server I get some
interesting results, in some instances.  Specifically, on severs that
have come preconfigured from some Linux distributions (and other places
as well), I get:

----
$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
OPTIONS / HTTP/1.0
 
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2002 08:38:37 GMT
Server: Apache/1.3.22 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.5
OpenSSL/0.9.6 DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01
Content-Length: 0
Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND,
PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE
Connection: close
----

But on an apache I built I get

----
$ telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
OPTIONS / HTTP/1.0
 
HTTP/1.1 200 OK
Date: Wed, 17 Apr 2002 14:43:02 GMT
Server: Apache/1.3.23 (Unix) PHP/4.1.1
Content-Length: 0
Allow: GET, HEAD, POST, OPTIONS, TRACE
Connection: close
----

So what I am wondering is what makes all the other options appear in the
Allow: header field.  I would prefer to no have things such as DELETE
appear.  I do have a LIMIT line in the conf that denies access to DELETE
from "any", as this is the default, but it still appears in the Allow:
header field.
  
I have tried removing that line completely and restarting, but it still
appears.  I can verify that I can not DELETE files, but I want to be
able to scan my hosts for the existence of DELETE, for if you see DELETE
on a windows IIS box, you can delete the files (permissions allowing of
course), and in theory, it should be the same for Apache.  
It would make me feel better to not have it listed at all, but I can not
seem to find any information on why it appears.

I have searched, but have not found anything specific to this yet.

What am I missing?

Thanks

-- 
MadHat at Unspecific.com
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
Key fingerprint = E786 7B30 7534 DCC2 94D5  91DE E922 0B21 9DDC 3E98


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message