You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/01/26 21:31:11 UTC

DO NOT REPLY [Bug 16435] New: - TRACE not working in

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16435>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16435

TRACE not working in <Limit>

           Summary: TRACE not working in <Limit>
           Product: Apache httpd-1.3
           Version: 1.3.27
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: psychosos@gmx.at


According to the documentation it should be possible to limit access controls with the Limit-
Directive to various methods, _including_ TRACE. (See 
http://httpd.apache.org/docs/mod/core.html#limit)

Whenever I put a directive like 
<Limit TRACE> in my configuration file (in a valid context) I get the following error 
message:

Syntax Error on line xxx of c:/program files/.../httpd.conf:
TRACE cannot be 
controlled by <Limit>

Though I wonder if this might be a documentation bug it would be a good 
thing to be able to disable TRACE requests considering the recent discussions about XST (Cross 
Site Tracing) attacks.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org