httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Pyne <rp...@kinfolk.org>
Subject Re: [users@httpd] The "Limit" Directive and TRACE
Date Fri, 24 Jan 2003 21:31:17 GMT
Before you spend too much time on it, read:

http://online.securityfocus.com/archive/1/307778

--Richard

On Friday 24 January 2003 01:46 pm, Ben Ricker wrote:
> I am trying to fortify a web server running Apache 1.3.27 against
> cross-site scripting (see
> http://www.extremetech.com/article2/0,3973,841047,00.asp for more
> information).
>
> The problem is that I am trying to disallow the use of TRACE using
> the LIMIT directive. Here is a 'Limit' directives snippet from the
> Apache docs (http://httpd.apache.org/docs/mod/core.html#limit).
>
> When I put the following in the httpd.conf:
>
> <Limit TRACE>
> Deny from All
> </Limit>
>
> I get the following error:
>
> ../bin/apachectl configtest
> Syntax error on line 395 of /usr/local/apache/conf/httpd.conf:
> TRACE cannot be controlled by <Limit>
>
> Am I missing something here?
>
> Ben Ricker
> Wellinx.com
>
>
> -------------------------------------------------------------------
>-- The official User-To-User support forum of the Apache HTTP Server
> Project. See <URL:http://httpd.apache.org/userslist.html> for more
> info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " 
>  from the digest: users-digest-unsubscribe@httpd.apache.org For
> additional commands, e-mail: users-help@httpd.apache.org

-- 
Richard B. Pyne
rpyne@kinfolk.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message