On Fri, Aug 26, 2005 at 02:56:21PM -0700, Russell Miller wrote: > We wanted to disallow the POST method, because for our purposes we wanted the > arguments to said calls to be logged in the access log. We considered using > LimitExcept, but upon trying it, I saw that a 403 error was returned, and a > search of the bug database showed that you had no plans to fix this.
I don't think returning 403 is a bug; 10.4.4 403 Forbidden The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. > I don't understand your reasoning on that, but anyway. We needed a > 405 error, and the only other way to do it was to test it in the CGI > code itself, which was ugly. But it's really the only place it can be done, from RFC2616; 10.4.6 405 Method Not Allowed The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource. httpd can't predict what methods the resource will accept. > So, in true open source style, I hacked on mod_cgi and made a patch. This patch doesn't seem to honour RFC2616, and doesn't add an "Allow:" header to the request. It's also specific to a single method. However, at present I don't think mod_cgi(d) will allow an "Allow:" header through from a CGI, so this probably should be fixed, for this reason. -- Colm MacCárthaigh Public Key: [EMAIL PROTECTED]
