randy 99/07/29 11:17:48
Modified: htdocs/manual/mod core.html Log: Doc changes. Submitted by: Alan J. Flavell <[EMAIL PROTECTED]> Reviewed by: Randy Terbush Revision Changes Path 1.154 +30 -25 apache-1.3/htdocs/manual/mod/core.html Index: core.html =================================================================== RCS file: /home/cvs/apache-1.3/htdocs/manual/mod/core.html,v retrieving revision 1.153 retrieving revision 1.154 diff -u -r1.153 -r1.154 --- core.html 1999/06/24 16:38:33 1.153 +++ core.html 1999/07/29 18:17:43 1.154 @@ -1321,24 +1321,28 @@ REL="Help" ><STRONG>Status:</STRONG></A> core<P> -<Limit> and </Limit> are used to enclose a group of -access control directives which will then apply only to the specified -access methods, where <EM>method</EM> is any valid HTTP method. -Any directive except another <Limit> or -<A HREF="#directory"><Directory></A> may be used; the majority will be -unaffected by the <Limit>. Example: +Access controls are normally effective for <STRONG>all</STRONG> access +methods, and this is the usual desired behaviour. <STRONG>In the +general case, access control directives should not be placed within a +<CODE><limit></CODE> section.</STRONG> + +<P>The purpose of the <Limit> directive is to restrict the effect +of the access controls to the nominated HTTP methods. For all other +methods, the access restrictions that are enclosed in the +<Limit> bracket <STRONG>will have no effect</STRONG>. The +following example applies the access control only to the methods POST, +PUT, and DELETE, leaving all other methods unprotected: + <BLOCKQUOTE><CODE> -<Limit GET POST><BR> +<Limit POST PUT DELETE><BR> require valid-user<BR> </Limit></CODE></BLOCKQUOTE> -If an access control directive appears outside a <Limit> -directive, then it applies to all access methods. The method names -listed can be one or more of: GET, POST, PUT, DELETE, CONNECT or -OPTIONS. <STRONG>The method name is case-sensitive.</STRONG> -If GET is used it will also restrict HEAD requests. -<STRONG>If you wish to limit all methods, do not include any -<Limit> directive at all.</STRONG> +The method names listed can be one or more of: GET, POST, PUT, DELETE, +CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, +MOVE, LOCK, and UNLOCK. <STRONG>The method name is +case-sensitive.</STRONG> If GET is used it will also restrict HEAD +requests. <P><HR> @@ -2371,24 +2375,25 @@ All valid users can access the directory. </UL> <P> -If <CODE>require</CODE> appears in a <A HREF="#limit"><Limit></A> -section, then it restricts access to the named methods, otherwise -it restricts access for all methods. Example: +Require must be accompanied by <A HREF="#authname">AuthName</A> and +<A HREF="#authtype">AuthType</A> directives, and directives such as +<A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and +<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> (to define users and +groups) in order to work correctly. Example: <BLOCKQUOTE><CODE> AuthType Basic<BR> -AuthName somedomain<BR> +AuthName "Restricted Directory"<BR> AuthUserFile /web/users<BR> AuthGroupFile /web/groups<BR> -<Limit GET POST><BR> require group admin<BR> -</Limit> </CODE></BLOCKQUOTE> -Require must be accompanied by <A HREF="#authname">AuthName</A> and -<A HREF="#authtype">AuthType</A> directives, and directives such as -<A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and -<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> (to define users and -groups) in order to work correctly.<P><HR> +Access controls which are applied in this way are effective for +<STRONG>all</STRONG> methods. <STRONG>This is what is normally +desired.</STRONG> If you wish to apply access controls only to +specific methods, while leaving other methods unprotected, then place +the <CODE>require</CODE> statement into a <A +HREF="#limit"><Limit></A> section<P><HR> <H2><A NAME="resourceconfig">ResourceConfig directive</A></H2> <!--%plaintext <?INDEX {\tt ResourceConfig} directive> -->