RE: Apache httpd question(emergent)


 



TO Mark Montague:

CC Eric Covener, Others:

 

Thanks!

As Eric and Mark said, do you have a document or web link that explains this viewpoint? (Apache doesn't discriminate between the HTTP methods used to access CGI.)

> Apache doesn't know what methods your CGI understands, so it doesn't

> discriminate.

 

> As Eric said, Apache lets your CGI decide what to do with extension

> method. But if you do not want your CGI to decide, then you can use the

> Limit and LimitExcept directives to tell Apache to only allow certain

> methods.

 

Then my mail said that:

> And then if I access the HTML file of "/opt/web/htroot" , the result as following:

> The GET, HEAD, OPTIONS can access the HTML file. I don't set the

> limits except TRACE. This is the default ?

 

Why?

Thanks!

 

> -----Original Message-----

> From: Mark Montague [mailto:mark@xxxxxxxxxxx]

> Sent: Tuesday, March 29, 2011 1:02 PM

> To: users@xxxxxxxxxxxxxxxx

> Cc: Liu JinGang; 'Eric Covener'

> Subject: Re: Apache httpd question(emergent)

>

> On March 28, 2011 23:22, "Liu JinGang" <liujg@xxxxxxxxxxxxxx> wrote:

> >> Apache doesn't know what methods your CGI understands, so it doesn't

> >> discriminate.

> > Thanks!

> > As you say, I can get the result that:

> > CGI is executable by the method of no existence.

> > And then do you have the document or web-link file explain this viewpoint?

> > (I don't find it, but I need to show it to the customer.)

>

> RFC 2616 defines the HTTP 1.1 protocol. Section 5.1.1 says that web

> browsers or web servers are allowed to invent new methods

> ("extension-method"). The document is http://www.ietf.org/rfc/rfc2616.txt

>

> As Eric said, Apache lets your CGI decide what to do with extension

> method. But if you do not want your CGI to decide, then you can use the

> Limit and LimitExcept directives to tell Apache to only allow certain

> methods.

>

> Here is an example for restricting CGI to only GET, HEAD, POST, and

> OPTIONS methods. (Notes: Allowing GET automatically allows HEAD.

> Also, you still need "TraceEnable Off" because Limit and LimitExcept do

> not affect TRACE.)

>

> TraceEnable Off
> <Directory "/opt/web/htroot">
>     Options FollowSymLinks ExecCGI
>     AllowOverride all
>     order allow,deny
>     <Limit GET POST OPTIONS>
>         allow from all
>     </Limit>
>     <LimitExcept GET POST OPTIONS>
>         deny from all
>     </LimitExcept>
> </Directory>

>

>

> For more information about Limit and LimitExcept directives, see:

>

> http://httpd.apache.org/docs/2.2/mod/core.html#limit

> http://httpd.apache.org/docs/2.2/mod/core.html#limitexcept

>

> --

>   Mark Montague

>   mark@xxxxxxxxxxx
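
The thread notes that Apache hands any method token, including an extension-method, to the CGI and lets the CGI decide. The following is an added example, not code from the thread or from the Apache project, of a CGI script that enforces its own method allowlist by checking `REQUEST_METHOD`. The function name `respond`, the allowlist and the response body are assumptions for illustration.

```python
#!/usr/bin/env python3
"""CGI script that enforces its own HTTP method allowlist.

Added example (not from the thread). The CGI program receives the request
method in the REQUEST_METHOD environment variable, so the check is made here.
"""
import os
import sys

# Assumed allowlist; it mirrors the methods named in the thread's config.
ALLOWED_METHODS = ("GET", "HEAD", "POST", "OPTIONS")


def respond(environ):
    """Return (status, headers, body) for the given CGI environment."""
    method = environ.get("REQUEST_METHOD", "")
    allow = ", ".join(ALLOWED_METHODS)

    # Method tokens are case-sensitive (RFC 2616 section 5.1.1), so "get"
    # or an invented token is rejected rather than normalized. The method
    # string is never echoed back into the response.
    if method not in ALLOWED_METHODS:
        return ("405 Method Not Allowed",
                [("Allow", allow), ("Content-Type", "text/plain")],
                "Method not allowed\n")

    if method == "OPTIONS":
        return ("200 OK",
                [("Allow", allow), ("Content-Type", "text/plain")], "")

    headers = [("Content-Type", "text/plain")]
    # HEAD returns the same headers as GET but no body.
    body = "" if method == "HEAD" else "hello from CGI\n"
    return ("200 OK", headers, body)


def main():
    status, headers, body = respond(os.environ)
    # The CGI "Status" header sets the status line the server sends.
    sys.stdout.write("Status: %s\r\n" % status)
    for name, value in headers:
        sys.stdout.write("%s: %s\r\n" % (name, value))
    sys.stdout.write("\r\n" + body)


if __name__ == "__main__":
    main()
```

This check complements, and does not replace, the `Limit`/`LimitExcept` and `TraceEnable Off` settings quoted above.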

 

