httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Ricker <bric...@wellinx.com>
Subject [users@httpd] The "Limit" Directive and TRACE
Date Fri, 24 Jan 2003 20:46:02 GMT
I am trying to fortify a web server running Apache 1.3.27 against 
cross-site scripting (see 
http://www.extremetech.com/article2/0,3973,841047,00.asp for more 
information).

The problem is that I am trying to disallow the use of TRACE using the 
LIMIT directive. Here is a 'Limit' directives snippet from the Apache 
docs (http://httpd.apache.org/docs/mod/core.html#limit).

When I put the following in the httpd.conf:

<Limit TRACE>
Deny from All
</Limit>

I get the following error:

../bin/apachectl configtest
Syntax error on line 395 of /usr/local/apache/conf/httpd.conf:
TRACE cannot be controlled by <Limit>

Am I missing something here?

Ben Ricker
Wellinx.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message