Security Basics mailing list archives

Re: GET in Access Log File


From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 26 Oct 2005 09:51:45 +0200 (IST)

On Tue, 25 Oct 2005, S.A.B.R.O. Net Security wrote:
> Check out the Limit option in httpd.conf:
>
>         <Limit GET POST>
>                 .
>                 .
>                 .
>         </Limit>
>
> The above, when placed within a <directory /path/to/directory>....
> </directory> section, will only allow GET and POST requests to that
> directory and its sub-directories. Anything else will give the 405 (Method
> Not Allowed) response that you see for the CONNECT request.

Limit does not limit access methods -- it limits scope of the enclosed
directives.

http://httpd.apache.org/docs/2.0/mod/core.html#limit:

 Access controls are normally effective for all access methods, and
 this is the usual desired behavior. *In the general case, access
 control directives should not be placed within a <Limit> section.*

 The purpose of the <Limit> directive is to restrict the effect of the
 access controls to the nominated HTTP methods. For all other methods,
 the access restrictions that are enclosed in the <Limit> bracket *will
 have no effect*. The following example applies the access control only
 to the methods POST, PUT, and DELETE, leaving all other methods
 unprotected:

  <Limit POST PUT DELETE>
   Require valid-user
  </Limit>

--
Regards,
ASK
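
An added example, not part of the original post: a small Python audit that finds access-control directives placed inside <Limit> or <LimitExcept> (Apache's inverse of <Limit>) and lists the methods those directives do not apply to. The sample configuration, the method list and the function name are constructed for illustration.

```python
import re

# Access-control directives whose scope a <Limit> block narrows.
ACCESS_DIRECTIVES = {"require", "order", "allow", "deny"}
# Methods reported on: a list chosen for this example, not an Apache constant.
KNOWN_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS"]
OPEN_RE = re.compile(r"<\s*(Limit|LimitExcept)\s+([^>]*)>", re.I)
CLOSE_RE = re.compile(r"<\s*/\s*(Limit|LimitExcept)\s*>", re.I)

# Constructed sample configuration (Apache 2.0-style syntax).
SAMPLE = """\
<Directory /var/www/app>
    <Limit POST PUT DELETE>
        Require valid-user
    </Limit>
</Directory>
<Directory /var/www/static>
    <LimitExcept GET POST>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>
"""

def audit_limit_blocks(conf_text):
    """List each block holding access controls and the methods they skip."""
    findings, block = [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN_RE.match(line)
        if opened:
            methods = {m.upper() for m in opened.group(2).split()}
            if "GET" in methods:
                methods.add("HEAD")  # Apache treats HEAD together with GET here
            block = {"line": lineno, "kind": opened.group(1).lower(),
                     "methods": methods, "directives": []}
        elif CLOSE_RE.match(line):
            if block and block["directives"]:
                in_limit = block["kind"] == "limit"
                # <Limit>: unlisted methods are skipped; <LimitExcept>: listed ones are.
                skipped = [m for m in KNOWN_METHODS
                           if (m in block["methods"]) != in_limit]
                findings.append({"line": block["line"], "kind": block["kind"], "skipped": skipped})
            block = None
        elif block is not None and line.split()[0].lower() in ACCESS_DIRECTIVES:
            block["directives"].append(line)
    return findings
```

Calling audit_limit_blocks(SAMPLE) reports the first block as leaving GET, HEAD, CONNECT and OPTIONS outside the Require, while the <LimitExcept> block leaves only GET, HEAD and POST outside the Deny.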

