httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] The "Limit" Directive and TRACE
Date Fri, 24 Jan 2003 20:56:47 GMT

On Fri, 24 Jan 2003, Ben Ricker wrote:

> I am trying to fortify a web server running Apache 1.3.27 against
> cross-site scripting (see
>,3973,841047,00.asp for more
> information).
> The problem is that I am trying to disallow the use of TRACE using the
> LIMIT directive.


I suspect (though I haven't tested) you could also use
SetEnvIf Request_Method TRACE trace_request
Order allow,deny
allow from all
deny from env=trace_request


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message