Re: Removing stupid HTTP methods from Apache

To: Anne Carasik <gator@cacr.caltech.edu>
Cc: Debian Security <debian-security@lists.debian.org>
Subject: Re: Removing stupid HTTP methods from Apache
From: John Goerzen <jgoerzen@complete.org>
Date: Tue, 3 Dec 2002 15:37:39 -0600
Message-id: <20021203213739.GA8321@christoph>
In-reply-to: <20021203212736.GA9277@swamp.cacr.caltech.edu>
References: <20021203212736.GA9277@swamp.cacr.caltech.edu>

This is what people suggest for Subversion:

        <Location /test>
          AuthType Basic
          AuthName "Subversion repository"
          AuthUserFile /usr/local/etc/apache2/svn-pass
             <LimitExcept GET PROPFIND OPTIONS REPORT>
                 Require valid-user
             </LimitExcept>

                DAV svn
                SVNPath /var/svn/test
        </Location>


On Tue, Dec 03, 2002 at 01:27:36PM -0800, Anne Carasik wrote:
> Hi all,
> 
> I'm running Apache on a Woody machine, and I can't figure
> out for the life of me how to disable certain insecure HTTP
> methods like PROPFIND and PUT.
> 
> Can someone please help me out? I've been searching through
> the docs and google, and I'm hoping I just overlooked something
> obvious.
> 
> TIA,
> 
> -Anne
> -- 
>               .-"".__."``".   Anne Carasik, System Administrator
>  .-.--. _...' (/)   (/)   ``'   gator at cacr dot caltech dot edu 
> (O/ O) \-'      ` -="""=.    ',  Center for Advanced Computing Research    
> ~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>

Reply to:

References:
- Removing stupid HTTP methods from Apache
  - From: Anne Carasik <gator@cacr.caltech.edu>

Prev by Date: Removing stupid HTTP methods from Apache
Next by Date: Re: Removing stupid HTTP methods from Apache
Previous by thread: Removing stupid HTTP methods from Apache
Next by thread: Re: Removing stupid HTTP methods from Apache
Index(es):
- Date
- Thread