config/1019: possible followup to PR#145 / POST method to cgi routine sometimes not allowed

Tue, 19 Aug 1997 16:20:14 -0700 (PDT) 

>Number:         1019
>Category:       config
>Synopsis:       possible followup to PR#145 / POST method to cgi routine 
>sometimes not allowed
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          support
>Submitter-Id:   apache
>Arrival-Date:   Tue Aug 19 16:20:01 1997
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.2.1
>Environment:
OS = BSD/OS 2.1
compiler = gcc 2.7.2
>Description:
We have a set of cgi routines that customers dialing in through our modem pool
*should* be able to access but no one else should.  The following in our
access.conf file has worked in previous versions of Apache:

<Directory /u/info/www/southwind>
    <Limit POST GET>  
        order deny,allow  
        deny from all
        allow from .southwind.net
    </Limit>
    ErrorDocument 403 /non-southwind-customer.html
</Directory>

Now, some browsers get the message:

    The requested method POST is not allowed for the URL 
/southwind/cgi-bin/checkusage.

Ok, I looked through the bug-report database and saw something similar in
PR#145, and I probably managed to confuse issues initially by posting some
jibberish in comp.infosystems.www.servers.unix a few days ago.  From all outside
appearances it seems that some older browsers are having the trouble, however,
based on the suggestion of telnet-ing to the server port and issuing the request
I get the following from three seperate machines inside our network -- including
the server machine:

$ telnet 206.53.102.28 80  
Trying 206.53.102.28...
Connected to 206.53.102.28.
Escape character is '^]'.
POST /southwind/cgi-bin/checkusage HTTP/1.0


HTTP/1.1 405 Method Not Allowed
Date: Tue, 19 Aug 1997 22:49:32 GMT
Server: Apache/1.2.1
Allow: GET, HEAD, OPTIONS, TRACE
Connection: close
Content-Type: text/html

<HTML><HEAD>
<TITLE>405 Method Not Allowed</TITLE>
</HEAD><BODY>
<H1>Method Not Allowed</H1>
The requested method POST is not allowed for the URL 
/southwind/cgi-bin/checkusage.<P>
</BODY></HTML>
Connection closed by foreign host.


Therefore this does not necessarily appear to be a browser specific problem.  I
have removed the <Limit> block from the aflicted directory as well as making
sure that POST was in, and out, of the Limit block with no observable
difference.

No "errors" are reported in the error log.

Am I mis-configuring the directory?

Please note that this is NOT failing for all or even most customers.
>How-To-Repeat:
The <Directory> config is above.
>Fix:
n
>Audit-Trail:
>Unformatted:

Reply via email to