about http method
From: Monty Ree (chulmin2_at_hotmail.com)
Date: 05/31/05
- Previous message: organiser_at_syscan.org: "SyScAN'05"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Tue, 31 May 2005 02:34:53 +0000
Hello, all.
Some documents say to limit some method at apache server to improve
security.
So I have some questions about HTTP method.
1. first question
When I using CONNECT method, the apache result was different.
(config is alike, version is 1.3.26 alike)
Some apache :
Allow: GET, HEAD, OPTIONS, TRACE
but some apache like below.
Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND,
PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE
== Why the result is not same?
2. and additional quesiton.
I allowed GET,POST,OPTIONS like below, but apache says that TRACE method is
allowed too.
What's the relations between OPTIONS and TRACE?
<LimitExcept GET POST OPTIONS>
Order allow,deny
deny from all
</LimitExcept>
Thanks in advance.
_________________________________________________________________
½Î°Ô ½Î°Ô MSN°øµ¿±¸¸Å
http://www.waawaa.com/cobuy/cobuy_default.asp?siteid=10160
- Previous message: organiser_at_syscan.org: "SyScAN'05"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
