httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] Dav security problem
Date Sun, 14 Mar 2004 19:15:30 GMT

On Sat, 13 Mar 2004, David H wrote:

> Hi Saqib,
> Thanks for the advise. Virtual Host may not solve my
> problem, people still able to get in. My question is
> why am I not being ask for login or deny access under
> normal https and Dav did ask for login?

> > >         <LimitExcept GET POST OPTIONS>
> > >                 require user david
> > >         </LimitExcept>

Because you have explicitly excluded "GET" from requiring authentication.
Since GET is the method used for ordinary web browsers, they don't need to

Remove the <LimitExcept ...> and </LimitExcept> lines if you want to
restrict all access.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message