From: Joshua Slive <slive@apache.org>
Date: Tue, 29 Jul 2003 15:15:29 +0000 (+0000)
Subject: REALLY discourage people from using <Limit>.
X-Git-Tag: pre_ajp_proxy~1329
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8fe2da439c8116dca885ce815cbf8d295a429d0c;p=apache

REALLY discourage people from using <Limit>.

(Because people don't necessarily know all the methods that their
server deals with, and because crummy cgi scripts may take
"post" and treat it like "POST" or other similar bad
behavior.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100839 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
index 2a1b0d1f99..49f14f22b1 100644
--- a/docs/manual/mod/core.html.en
+++ b/docs/manual/mod/core.html.en
@@ -1504,6 +1504,12 @@ methods</td></tr>
     restrict <code>HEAD</code> requests. The <code>TRACE</code> method
     cannot be limited.</p>
 
+    <div class="warning">A <code class="directive"><a href="#limitexcept">&lt;LimitExcept&gt;</a></code> section should always be
+    used in preference to a <code class="directive"><a href="#limit">&lt;Limit&gt;</a></code> section when restricting access,
+    since a <code class="directive"><a href="#limitexcept">&lt;LimitExcept&gt;</a></code> section provides protection
+    against arbitrary methods.</div>
+
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="LimitExcept" id="LimitExcept">&lt;LimitExcept&gt;</a> <a name="limitexcept" id="limitexcept">Directive</a></h2>
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index 8b4854f06c..5c60d77ea2 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -1453,6 +1453,15 @@ methods</description>
     case-sensitive.</strong> If <code>GET</code> is used it will also
     restrict <code>HEAD</code> requests. The <code>TRACE</code> method
     cannot be limited.</p>
+
+    <note type="warning">A <directive type="section"
+    module="core">LimitExcept</directive> section should always be
+    used in preference to a <directive type="section"
+    module="core">Limit</directive> section when restricting access,
+    since a <directive type="section"
+    module="core">LimitExcept</directive> section provides protection
+    against arbitrary methods.</note>
+
 </usage>
 </directivesynopsis>