Restricting Specific HTTP Methods


<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
    </Limit>
    <LimitExcept GET POST OPTIONS PROPFIND>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>


You can control access to your server based on the HTTP method of the request using <Limit> and <LimitExcept> directives. This example, taken from the default Apache configuration file, shows how to allow read-only methods and deny requests for any other methods that can modify the content of the file system, such as PUT. The <Directory> section identifies per-user directories that can contain web pages, as explained in Chapter 8. The next two lines restrict the configuration settings that can be changed by users and other security settings. The <Limit> section allows access by default to those HTTP methods that are read-only, such as GET and POST. The <LimitExcept> section does the opposite, denying access to any other method, without explicitly having to enumerate them.

This is particularly useful in the context of allowing your users to administer their own content, as covered in Chapter 8.
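
To check what a set of <Limit>/<LimitExcept> sections does for each method, the following added example (not from the book or from Apache itself) evaluates the Order/Allow/Deny rules for `from all` entries only. The function names and both sample strings are constructed here, it assumes the last matching section wins, and it encodes two documented Apache behaviours: listing GET also covers HEAD, and TRACE cannot be limited.

```python
import re

# Constructed sample: the <Limit>/<LimitExcept> part of the configuration above.
SAMPLE = """
<Limit GET POST OPTIONS PROPFIND>
  Order allow,deny
  Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
  Order deny,allow
  Deny from all
</LimitExcept>
"""
# Constructed sample: a deny-list that only names the methods it knows about.
DENYLIST = "<Limit PUT DELETE>\n  Order deny,allow\n  Deny from all\n</Limit>\n"

SECTION = re.compile(r"<(Limit|LimitExcept)\s+([^>]+)>(.*?)</\1>", re.S)

def parse_sections(conf):
    """Return one dict per <Limit>/<LimitExcept> section (hypothetical helper)."""
    sections = []
    for kind, methods, body in SECTION.findall(conf):
        order = re.search(r"^\s*Order\s+(\S+)", body, re.M | re.I)
        has = lambda w: bool(re.search(rf"^\s*{w}\s+from\s+all\s*$", body, re.M | re.I))
        sections.append({"kind": kind, "methods": set(methods.split()),
                         # Apache 2.2 defaults to "Order deny,allow" when Order is absent.
                         "order": order.group(1).lower() if order else "deny,allow",
                         "allow": has("Allow"), "deny": has("Deny")})
    return sections

def decide(s):
    """Order semantics, restricted to 'Allow from all' / 'Deny from all'."""
    if s["order"] == "allow,deny":      # default deny; Deny overrides Allow
        return s["allow"] and not s["deny"]
    return s["allow"] or not s["deny"]  # deny,allow: default allow; Allow overrides Deny

def method_allowed(conf, method):
    """True or False when a section covers the method, None when none does."""
    if method == "TRACE":
        return None  # TRACE cannot be limited here; Apache uses TraceEnable for it
    key = "GET" if method == "HEAD" else method  # listing GET also covers HEAD
    verdict = None
    for s in parse_sections(conf):
        if (key in s["methods"]) == (s["kind"] == "Limit"):
            verdict = decide(s)  # assumption: the last matching section wins
    return verdict

if __name__ == "__main__":
    for m in ("GET", "HEAD", "PUT", "DELETE", "get", "PATCH"):
        print(m, method_allowed(SAMPLE, m), method_allowed(DENYLIST, m))
```

A `None` result means no method section applies and the enclosing access rules decide, which is what the deny-list sample returns for PATCH; the <LimitExcept> form denies it without having to name it. Method names are case-sensitive, so a lower-case `get` falls under <LimitExcept> and is denied.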




Apache(c) Phrase Book(c) Essential Code and Commands
Apache Phrasebook
ISBN: 0672328364
Year: 2006
Pages: 254
