On 11/8/05, Eruch Kapadia <ekapadia@xxxxxxxxx> wrote: > > Folks, > > I am trying to restrict certain request methods that the apache server can > accept. For example i would like to disable TRACE, and DELETE methods. > > Please advise how this can be done. To start with, you are most likely wasting your time. The TRACE method is not dangerous, and the DELETE method is probably already rejected by apache, unless you have mod_dav active and unprotected. So you are better off ignoring whatever silly security checklist you are following. But anyway, DELETE can be restricted as follows: <Limit DELETE> Order Allow,Deny Deny from all </Limit> And TRACE can be disabled with the TraceEnable directive in 1.3.34 or 2.0.55 or later. In earlier versions, you need mod_rewrite to disable TRACE as in http://www.apacheweek.com/issues/03-01-24#news Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|