REL="Help"
><STRONG>Status:</STRONG></A> core<P>
-<Limit> and </Limit> are used to enclose a group of
-access control directives which will then apply only to the specified
-access methods, where <EM>method</EM> is any valid HTTP method.
-Any directive except another <Limit> or
-<A HREF="#directory"><Directory></A> may be used; the majority will be
-unaffected by the <Limit>. Example:
+Access controls are normally effective for <STRONG>all</STRONG> access
+methods, and this is the usual desired behaviour. <STRONG>In the
+general case, access control directives should not be placed within a
+<CODE><limit></CODE> section.</STRONG>
+
+<P>The purpose of the <Limit> directive is to restrict the effect
+of the access controls to the nominated HTTP methods. For all other
+methods, the access restrictions that are enclosed in the
+<Limit> bracket <STRONG>will have no effect</STRONG>. The
+following example applies the access control only to the methods POST,
+PUT, and DELETE, leaving all other methods unprotected:
+
<BLOCKQUOTE><CODE>
-<Limit GET POST><BR>
+<Limit POST PUT DELETE><BR>
require valid-user<BR>
</Limit></CODE></BLOCKQUOTE>
-If an access control directive appears outside a <Limit>
-directive, then it applies to all access methods. The method names
-listed can be one or more of: GET, POST, PUT, DELETE, CONNECT or
-OPTIONS. <STRONG>The method name is case-sensitive.</STRONG>
-If GET is used it will also restrict HEAD requests.
-<STRONG>If you wish to limit all methods, do not include any
-<Limit> directive at all.</STRONG>
+The method names listed can be one or more of: GET, POST, PUT, DELETE,
+CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY,
+MOVE, LOCK, and UNLOCK. <STRONG>The method name is
+case-sensitive.</STRONG> If GET is used it will also restrict HEAD
+requests.
<P><HR>
All valid users can access the directory.
</UL>
<P>
-If <CODE>require</CODE> appears in a <A HREF="#limit"><Limit></A>
-section, then it restricts access to the named methods, otherwise
-it restricts access for all methods. Example:
+Require must be accompanied by <A HREF="#authname">AuthName</A> and
+<A HREF="#authtype">AuthType</A> directives, and directives such as
+<A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and
+<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> (to define users and
+groups) in order to work correctly. Example:
<BLOCKQUOTE><CODE>
AuthType Basic<BR>
-AuthName somedomain<BR>
+AuthName "Restricted Directory"<BR>
AuthUserFile /web/users<BR>
AuthGroupFile /web/groups<BR>
-<Limit GET POST><BR>
require group admin<BR>
-</Limit>
</CODE></BLOCKQUOTE>
-Require must be accompanied by <A HREF="#authname">AuthName</A> and
-<A HREF="#authtype">AuthType</A> directives, and directives such as
-<A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and
-<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> (to define users and
-groups) in order to work correctly.<P><HR>
+Access controls which are applied in this way are effective for
+<STRONG>all</STRONG> methods. <STRONG>This is what is normally
+desired.</STRONG> If you wish to apply access controls only to
+specific methods, while leaving other methods unprotected, then place
+the <CODE>require</CODE> statement into a <A
+HREF="#limit"><Limit></A> section<P><HR>
<H2><A NAME="resourceconfig">ResourceConfig directive</A></H2>
<!--%plaintext <?INDEX {\tt ResourceConfig} directive> -->
projects / apache / commitdiff