rasmus 99/08/28 19:50:21
Modified: conf httpd.conf-dist Log: Since modules can add methods arbitrarily now, I think it is a much better idea to take a Prussian stance here. Disallow everything except the methods that are explicitly allowed as opposed to trying to list the methods that are not allowed. Revision Changes Path 1.46 +2 -2 apache-1.3/conf/httpd.conf-dist Index: httpd.conf-dist =================================================================== RCS file: /home/cvs/apache-1.3/conf/httpd.conf-dist,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- httpd.conf-dist 1999/08/28 10:33:15 1.45 +++ httpd.conf-dist 1999/08/29 02:50:21 1.46 @@ -341,10 +341,10 @@ # Order allow,deny # Allow from all # </Limit> -# <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> +# <LimitExcept GET POST OPTIONS PROFIND> # Order deny,allow # Deny from all -# </Limit> +# </LimitExcept> #</Directory> #
