On Mon, 22 Jul 2002, Rodent of Unusual Size wrote: > [EMAIL PROTECTED] wrote: > > ...snip > > > > <Directory /my/secrets> > > AuthType basic > > AuthName Restricted area > > <Limit POST> > > require valid-user > > </Limit> > > </Directory> > > > > Same here when using a GET. (Note - I've not even started with 'allow > > from' or 'satisfy any complexity). > > Do exactly what it says to do, no more and no less: only apply > restrictions for POST requests. Maybe it isn't what they intended, > but trying to be smarter that the user will not only get us in > trouble, but will also treble the confusion and support queries in > an already confusing area.
note that this situation is a bit different from the others since the apache core will pass ALL requirements (limited or not) to every auth module. Each individual auth module can make its own decision in this case (i.e. there are requirements for some methods and no requirements for other methods). This is along that grey line of 'this is how the "standard" auth modules deal with this situation' - not 'this is how auth will work in apache'. sterling
