The Limit/LimitExcept directives are *very* handy and important when mod_dav is being used. In fact, LimitExcept was created specifically in order to avoid listing every new method that might come along via DAV specs and such.
As long as an alternative is available, then I don't care. But the functionality is very important. Cheers, -g On Sat, Sep 18, 2010 at 18:45, Stefan Fritsch <s...@sfritsch.de> wrote: > This is from https://issues.apache.org/bugzilla/show_bug.cgi?id=49927 > > On Saturday 18 September 2010, bugzi...@apache.org wrote: >> --- Comment #3 from Nick Kew <n...@webthing.com> 2010-09-18 >> 06:38:34 EDT --- >> >> > No, the current documentation is correct. The semantics of >> > Limit/LimitExcept is just insane. We should relly get rid if it >> > in 2.4 and improve the docs for 2.2. Maybe the "unprotected" >> > should be big, red, and blinking ;-) >> >> Agreed. We can even document it as superseded by >> <If "$request-method ..."> >> having of course checked the expression parser, which probably >> needs updating to support things like >> "... in GET,HEAD,OPTIONS,TRACE" >> without some nasty great OR expression. > > What do other people think about removing <Limit> and <LimitExcept> > and adding mod_allowmethods from the sandbox to easily forbid some > methods? Or would this create too much trouble when upgrading > configurations? > > > BTW, we could also add an authz provider to allow things like > > Require method GET,HEAD,... > > Though this would be slower than mod_allowmethods because authz > providers have to parse the require line on every request. >
