On 31.03.2005, at 18:54, Roy T. Fielding wrote:
IMO, it should be off by default on all httpd versions, just as the config should default to no access. Personally, I would prefer that all of the defaults be set internal to the server such that a running httpd with an empty status file would only
I presume you meant *config* instead of *status* file?
be capable of responding successfully to "/" with a simple "You need to configure the server now." Everything else should be a 403 or 404 until it is explicitly configured.
Not that I'd volunteer to implement that but I really like the approach.
+1 on patch.
Same here, +1.
Cheers, Erik
smime.p7s
Description: S/MIME cryptographic signature
