I just want to be sure I understand this fully.As per the docs the TRACE method cant be limited, other than by turning off TraceEnable So I guess I could use the LimitExcept directive and do a
<LimitExcept GET POST> Order deny,allow Deny from all <.LimitExcept>I am not sure if the above will limit TRACE but then it can be turned off by TraceEnable, even if its silly to do so :)
----- Original Message ----- From: <httpd2@xxxxxxxxxxxx>
To: <users@xxxxxxxxxxxxxxxx> Sent: Wednesday, January 11, 2006 9:43 PM Subject: Re: [users@httpd] Disabling PUT DELETE and TRACE on Apache?
This will do what you want it to, and should apply to the whole filesystem, unless you override it somewhere else. <Directory /> Options none AllowOverride none Order deny,allow Deny from all <Limit PUT DELETE TRACE> Order deny,allow Deny from all </Limit> </Directory> Keith Roberts On Wed, 11 Jan 2006, Joost de Heer wrote:To: Emmanuel E <emmanuel.e@xxxxxxx> From: Joost de Heer <sanguis@xxxxxxxxx> Subject: [users@httpd] Re: Disabling PUT DELETE and TRACE on Apache? Emmanuel E wrote: > Hi, > > Is there any way to disable PUT DELETE and TRACE methods > on Apache? User authentication is one way but then it > still allows authenticated users to use those methods.--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx