Joshua Slive says: > This has the effect of leaving GET unrestricted, according to the bug > report. Is this correct behavior? It seems like, since the other methods > are not change by the <limitexcept>, the require should still apply to > them.
That's what I thought at first, but there are two ways of looking at it. At first I looked at LimitExcept as a negative declaration. Negative in the sense that it meant "ignore GET HEAD POST for the following directives". Instead, Apache is treating it as a positive declaration that is saying, "do not limit GET HEAD POST". It's a fine distinction, but one that may cause confusion. -- Jerry Baker