Re: [users@httpd] Disabling PUT DELETE and TRACE on Apache?

[Emmanuel E]

Oh! This is cool. I didnt realise that mod_access would work inside a Limit 
directive. I toyed with it for a moment before I was led astray by the 
examples highlighting the use of mod_auth.
I just want to be sure I understand this fully.
As per the docs the TRACE method cant be limited, other than by turning off 
TraceEnable  So I guess  I could use the LimitExcept directive and do a
<LimitExcept GET POST>
Order deny,allow
Deny from all
<.LimitExcept>
I am not sure if the above will limit TRACE but then it can be turned off by 
TraceEnable, even if its silly to do so :)

----- Original Message ----- 
From: <[EMAIL PROTECTED]>
To: <users@httpd.apache.org>
Sent: Wednesday, January 11, 2006 9:43 PM
Subject: Re: [EMAIL PROTECTED] Disabling PUT DELETE and TRACE on Apache?



This will do what you want it to, and should apply to the
whole filesystem, unless you override it somewhere else.

<Directory />
 Options none
 AllowOverride none
 Order deny,allow
 Deny from all
 <Limit PUT DELETE TRACE>
   Order deny,allow
   Deny from all
 </Limit>
</Directory>


Keith Roberts

On Wed, 11 Jan 2006, Joost de Heer wrote:

To: Emmanuel E <[EMAIL PROTECTED]>
From: Joost de Heer <[EMAIL PROTECTED]>
Subject: [EMAIL PROTECTED] Re: Disabling PUT DELETE and TRACE on Apache?

Emmanuel E wrote:
> Hi,
>
> Is there any way to disable PUT DELETE and TRACE methods
> on Apache? User authentication is one way but then it
> still allows authenticated users to use those methods.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]