httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <>
Subject Re: [users@httpd] rejecting non GET/POST methods
Date Sun, 27 Apr 2008 12:42:32 GMT
On Sun, Apr 27, 2008 at 7:43 AM, Robert Montgomery <> wrote:
> Is there a way to tell apache to completely ignore
>  certain methods, ie, PROPFIND, CCM_POST, CONNECT,
>  OPTIONS, etc.. (and NOT write those requests to the
>  log files either!)
>  I've tried LIMIT & LIMIT EXCEPT directives, but I'm
>  not sure if they are working (I still see those
>  requests being logged).
>  Also, are there any methods other than GET/POST that I
>  should also consider allowing?  We do nothing fancy,
>  just typical websites on LAMP platforms, so I know of
>  no need for any methods other than GET/POST.

No, you can't completely ignore HTTP requests. Apache has to do
something with them.

Yes, you can reject those requests using something like
<LimitExcept GET POST>
Order allow,deny
Deny from all

But be careful where you place this block, since it will override any
other access controls.

Yes, you can prevent these requests from being logged using conditional logging:
But you shouldn't do that. You'll never know if you are being attacked
or if there are some problems with your site involving other methods.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message