httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Ricker <>
Subject [users@httpd] The "Limit" Directive and TRACE
Date Fri, 24 Jan 2003 20:46:02 GMT
I am trying to fortify a web server running Apache 1.3.27 against 
cross-site scripting (see,3973,841047,00.asp for more 

The problem is that I am trying to disallow the use of TRACE using the 
LIMIT directive. Here is a 'Limit' directives snippet from the Apache 
docs (

When I put the following in the httpd.conf:

<Limit TRACE>
Deny from All

I get the following error:

../bin/apachectl configtest
Syntax error on line 395 of /usr/local/apache/conf/httpd.conf:
TRACE cannot be controlled by <Limit>

Am I missing something here?

Ben Ricker

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message