Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: GET in Access Log File

from [Alexander Klimov] Network Security [Permanent Link]
Subject: Re: GET in Access Log File
Date: Wed, 26 Oct 2005 09:51:45 +0200 (IST) 
On Tue, 25 Oct 2005, S.A.B.R.O. Net Security wrote:

Check out the Limit option in httpd.conf:

        <Limit GET POST>
                .
                .
                .
        </Limit>

The above, when placed within a <directory /path/to/directory>....
</directory> section,  will only allow GET and POST requests to that
directory and it's sub-directories. Anything else will give the 405(Method
Not Allowed)  response that you see for the CONNECT request.


Limit does not limit access methods -- it limits scope of the enclosed
directives.

http://httpd.apache.org/docs/2.0/mod/core.html#limit:

 Access controls are normally effective for all access methods, and
 this is the usual desired behavior. *In the general case, access
 control directives should not be placed within a <Limit> section.*

 The purpose of the <Limit> directive is to restrict the effect of the
 access controls to the nominated HTTP methods. For all other methods,
 the access restrictions that are enclosed in the <Limit> bracket *will
 have no effect*. The following example applies the access control only
 to the methods POST, PUT, and DELETE, leaving all other methods
 unprotected:

  <Limit POST PUT DELETE>
   Require valid-user
  </Limit>

--
Regards,
ASK
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: GET in Access Log File, Tony Barry
Next by Date:  Wake On LAN from the Internet, Emmanuel Goldstein
Previous by Thread:  Re: GET in Access Log File, Tony Barry
Next by Thread:  ISO 17799, siangmeng lim
Indexes:  [Date] [Thread] [Top] [All Lists]