>Number: 3018
>Category: general
>Synopsis: cannot limit some HTTP methods
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Thu Sep 17 03:50:01 PDT 1998
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.1 and before
>Environment:
FreeBSD 2.2.7-STABLE
>Description:
I think it is good that apache can limit all HTTP methods, especially HEAD
should be limited.
A patch is following:
--- src/include/httpd.h.ORG Sun Jul 19 07:57:27 1998
+++ src/include/httpd.h Thu Sep 17 19:44:11 1998
@@ -492,7 +492,7 @@
((x) == HTTP_NOT_IMPLEMENTED))
-#define METHODS 8
+#define METHODS 9
#define M_GET 0
#define M_PUT 1
#define M_POST 2
@@ -500,7 +500,8 @@
#define M_CONNECT 4
#define M_OPTIONS 5
#define M_TRACE 6
-#define M_INVALID 7
+#define M_HEAD 7
+#define M_INVALID 8
#define CGI_MAGIC_TYPE "application/x-httpd-cgi"
#define INCLUDES_MAGIC_TYPE "text/x-server-parsed-html"
--- src/main/http_core.c.ORG Mon Jul 13 20:32:39 1998
+++ src/main/http_core.c Thu Sep 17 19:43:30 1998
@@ -1040,6 +1040,12 @@
else if (!strcmp(method, "OPTIONS")) {
limited |= (1 << M_OPTIONS);
}
+ else if (!strcmp(method, "HEAD")) {
+ limited |= (1 << M_HEAD);
+ }
+ else if (!strcmp(method, "TRACE")) {
+ limited |= (1 << M_TRACE);
+ }
else {
return ap_pstrcat(cmd->pool, "unknown method \"",
method, "\" in <Limit>", NULL);
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]
