From: Joshua Slive
Date: Tue, 29 Jul 2003 15:15:29 +0000 (+0000)
Subject: REALLY discourage people from using .
X-Git-Tag: pre_ajp_proxy~1329
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8fe2da439c8116dca885ce815cbf8d295a429d0c;p=thirdparty%2Fapache%2Fhttpd.git
REALLY discourage people from using .
(Because people don't necessarily know all the methods that their
server deals with, and because crummy cgi scripts may take
"post" and treat it like "POST" or other similar bad
behavior.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100839 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
index 2a1b0d1f992..49f14f22b18 100644
--- a/docs/manual/mod/core.html.en
+++ b/docs/manual/mod/core.html.en
@@ -1504,6 +1504,12 @@ methods
restrict HEAD requests. The TRACE method
cannot be limited.
+ A
<LimitExcept> section should always be
+ used in preference to a
<Limit> section when restricting access,
+ since a
<LimitExcept> section provides protection
+ against arbitrary methods.
+
+
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index 8b4854f06c7..5c60d77ea28 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -1453,6 +1453,15 @@ methods
case-sensitive. If
GET is used it will also
restrict
HEAD requests. The
TRACE method
cannot be limited.
+
+
A LimitExcept section should always be
+ used in preference to a Limit section when restricting access,
+ since a LimitExcept section provides protection
+ against arbitrary methods.
+