On Wed, May 17, 2017 at 9:12 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
> <Directory "/">
> <Limit POST>
> RedirectMatch 404 "(?i)\/[\.]{0,1}(cvs|svn)\/"
> </limit>
> </Directory>
>
> that above don't work and don't warn as it is normally the case where a
> "apachectl -t" clearly says "syntax error, xxx not allowed here"
>
> don't work means RedirectMatch also applies to GET-requests which makes it
> really hard to restrict extensions like below only for normal webacess which
> is chained into "AllowMethods GET HEAD POST" but at the same time allow time
> for mod_dav_svn methods
>
> well, and there is also no option to remove one or all global set
> "RedirectMatch" for a specific directory
>
> RedirectMatch 404
> "(?i)\.(asax|ascx|ashx|asmx|asp|aspx|axd|back|backup|bak|bat|cfm|class|class\.php|cmd|conf|config|csproj|dat|data|db[0-9]{0,1}|dll|ds_store|exe|fbcindex|idc|inc|ini|jhtml|jsp|jspa|key|log|mdb|mdf|mscgi|nasl|nsf|ocx|old|pl|py|rb|sample|sav|save|sh|shtm|sql|sqlite|vbproj|vbs|webinfo)$"
These containers should be marked deprecated in 2.4 and riddled with
cautions that they only apply to access control.
Re: the non dev@ related stuff, use <if>.
--
Eric Covener
cove...@gmail.com
