httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Koranda <>
Subject [users@httpd] scope of <Limit> and use with other modules
Date Tue, 17 Jan 2012 21:07:00 GMT

I want to use the <Limit> directive to apply one set of
constraints for POST and not have those constraints apply for
all other methods.

The constraints are not part of the Apache httpd core. They
come from another module (Shibboleth).

I first tried this:

<Directory /path/to/cgi/scripts >
    AuthType shibboleth
    Require shibboleth

    <Limit POST>
        ShibRequestSetting requireSession 1
        Require valid-user


I find that the 'ShibRequestSetting requireSession 1', valid
for the module,  appears to be applied to the entire
<Directory> configuration directive and not just to POSTs.

Is that because <Limit> only "masks" the 'Require'
configuration directive and nothing else?


Scott K

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message