httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <>
Subject Re: [users@httpd] .htaccess for script aliased directories
Date Sat, 26 Apr 2008 00:10:11 GMT
On Fri, Apr 25, 2008 at 4:32 PM, Danie Qian <> wrote:

>  On second thought, I tested the setting by commentting out the 'require
> valid-user' line completely to see what the browsor gets for other methods,
>  it is actually a 403 forbidden error instead of a open 200. So i guess I
> was fine with the <limit>GET POST</limit> lines - it only triggers a login
> prompt for GET & POST while leaving the others forbidden. Am I wrong?

You may or may not create an immediate security problem by using
<Limit>. But regardless, it is a bad idea. It could easily open a
security hole in the future if you ever change the configuration of
the content behind the restriction. And why use a complex config, when
the simple one is better and more secure?


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message