(Because people don't necessarily know all the methods that their
server deals with, and because crummy cgi scripts may take
"post" and treat it like "POST" or other similar bad
behavior.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100839
13f79535-47bb-0310-9956-
ffa450edef68
restrict <code>HEAD</code> requests. The <code>TRACE</code> method
cannot be limited.</p>
+ <div class="warning">A <code class="directive"><a href="#limitexcept"><LimitExcept></a></code> section should always be
+ used in preference to a <code class="directive"><a href="#limit"><Limit></a></code> section when restricting access,
+ since a <code class="directive"><a href="#limitexcept"><LimitExcept></a></code> section provides protection
+ against arbitrary methods.</div>
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LimitExcept" id="LimitExcept"><LimitExcept></a> <a name="limitexcept" id="limitexcept">Directive</a></h2>
case-sensitive.</strong> If <code>GET</code> is used it will also
restrict <code>HEAD</code> requests. The <code>TRACE</code> method
cannot be limited.</p>
+
+ <note type="warning">A <directive type="section"
+ module="core">LimitExcept</directive> section should always be
+ used in preference to a <directive type="section"
+ module="core">Limit</directive> section when restricting access,
+ since a <directive type="section"
+ module="core">LimitExcept</directive> section provides protection
+ against arbitrary methods.</note>
+
</usage>
</directivesynopsis>
projects / apache / commitdiff