Security Basics mailing list archives
Re: GET in Access Log File
From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 26 Oct 2005 09:51:45 +0200 (IST)
On Tue, 25 Oct 2005, S.A.B.R.O. Net Security wrote:
Check out the Limit option in httpd.conf: <Limit GET POST> . . . </Limit> The above, when placed within a <directory /path/to/directory>.... </directory> section, will only allow GET and POST requests to that directory and it's sub-directories. Anything else will give the 405(Method Not Allowed) response that you see for the CONNECT request.
Limit does not limit access methods -- it limits scope of the enclosed directives. http://httpd.apache.org/docs/2.0/mod/core.html#limit: Access controls are normally effective for all access methods, and this is the usual desired behavior. *In the general case, access control directives should not be placed within a <Limit> section.* The purpose of the <Limit> directive is to restrict the effect of the access controls to the nominated HTTP methods. For all other methods, the access restrictions that are enclosed in the <Limit> bracket *will have no effect*. The following example applies the access control only to the methods POST, PUT, and DELETE, leaving all other methods unprotected: <Limit POST PUT DELETE> Require valid-user </Limit> -- Regards, ASK
Current thread:
- GET in Access Log File Tony Barry (Oct 24)
- Re: GET in Access Log File ilaiy (Oct 24)
- Re: GET in Access Log File S.A.B.R.O. Net Security (Oct 25)
- Re: GET in Access Log File Tony Barry (Oct 26)
- Re: GET in Access Log File Alexander Klimov (Oct 26)