Forum Moderators: phranque
CONNECT 195.169.138.#*$!:7000 HTTP/1.0" 405 235 "-" "-"
POST [195.169.138.#*$!:7000...] HTTP/1.0" 200 1771 "-"
I'm not too fond of the POST request returning a 200.
So, I've inserted a Limit POST directive into my conf file, yet I'm still getting POST requests that get answered with a 200. Could you help me stem the flow of these successful requests? Are they a threat?
Thanks.
Here's a snippet from conf file
<Directory />
Options FollowSymLinks
AllowOverride None
# 2005-11-26. LKL. disallow POST requests
<Limit POST>
Order deny,allow
Deny from all
</Limit>
</Directory>
Jim
Some light was shed on this matter in an #apache channel...quoted from the manual...
"The purpose of the <Limit> directive is to restrict the effect of the access controls to the nominated HTTP methods. For all other methods, the access restrictions that are enclosed in the <Limit> bracket will have no effect."
Perhaps POST is not a "nominated http method"?
LimitExcept might work.
Will keep the board posted.
Try enclosing your access-control code in some other container, such as <Files> or <Directory> to avoid the whole problem.
Jim
