httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel E" <emmanue...@gmx.net>
Subject Re: [users@httpd] Disabling PUT DELETE and TRACE on Apache?
Date Wed, 11 Jan 2006 17:49:09 GMT
Oh! This is cool. I didnt realise that mod_access would work inside a Limit 
directive. I toyed with it for a moment before I was led astray by the 
examples highlighting the use of mod_auth.
I just want to be sure I understand this fully.
As per the docs the TRACE method cant be limited, other than by turning off 
TraceEnable  So I guess  I could use the LimitExcept directive and do a
<LimitExcept GET POST>
Order deny,allow
Deny from all
<.LimitExcept>
I am not sure if the above will limit TRACE but then it can be turned off by 
TraceEnable, even if its silly to do so :)

----- Original Message ----- 
From: <httpd2@karsites.net>
To: <users@httpd.apache.org>
Sent: Wednesday, January 11, 2006 9:43 PM
Subject: Re: [users@httpd] Disabling PUT DELETE and TRACE on Apache?


>
> This will do what you want it to, and should apply to the
> whole filesystem, unless you override it somewhere else.
>
> <Directory />
>  Options none
>  AllowOverride none
>  Order deny,allow
>  Deny from all
>  <Limit PUT DELETE TRACE>
>    Order deny,allow
>    Deny from all
>  </Limit>
> </Directory>
>
>
> Keith Roberts
>
> On Wed, 11 Jan 2006, Joost de Heer wrote:
>
>> To: Emmanuel E <emmanuel.e@gmx.net>
>> From: Joost de Heer <sanguis@xs4all.nl>
>> Subject: [users@httpd] Re: Disabling PUT DELETE and TRACE on Apache?
>>
>> Emmanuel E wrote:
>> > Hi,
>> >
>> > Is there any way to disable PUT DELETE and TRACE methods
>> > on Apache? User authentication is one way but then it
>> > still allows authenticated users to use those methods.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message