[prev in list] [next in list] [prev in thread] [next in thread]
List: security-basics
Subject: about http method
From: "Monty Ree" <chulmin2 () hotmail ! com>
Date: 2005-05-31 2:34:53
Message-ID: BAY10-F23F1E7AF1E67F18128791A85040 () phx ! gbl
[Download RAW message or body]
Hello, all.
Some documents say to limit some method at apache server to improve
security.
So I have some questions about HTTP method.
1. first question
When I using CONNECT method, the apache result was different.
(config is alike, version is 1.3.26 alike)
Some apache :
Allow: GET, HEAD, OPTIONS, TRACE
but some apache like below.
Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND,
PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE
== Why the result is not same?
2. and additional quesiton.
I allowed GET,POST,OPTIONS like below, but apache says that TRACE method is
allowed too.
What's the relations between OPTIONS and TRACE?
<LimitExcept GET POST OPTIONS>
Order allow,deny
deny from all
</LimitExcept>
Thanks in advance.
_________________________________________________________________
½Î°Ô ½Î°Ô MSN°øµ¿±¸¸Å
http://www.waawaa.com/cobuy/cobuy_default.asp?siteid=10160
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic