osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

imitExcept inside a Location overrules another Location restriction


We want to Allow only specific Methods i.e. HEAD POST GET.
so we are using.
<Location />
    <LimitExcept HEAD POST GET>
        Require all denied
    </LimitExcept>
</Location>
Location is required, because we use mod_proxy, so no directory access is performed.
Strangely it overrules a previous defined.
<Location /server-info>
    SetHandler server-info
    Require local
</Location>
So as a result server-info is accessible from everywhere.
According to my understanding, and documentation this behavior is not correct.
https://httpd.apache.org/docs/2.4/en/mod/core.html#limitexcept:
<LimitExcept> and </LimitExcept> are used to enclose a group of access control directives which will then apply to any HTTP access method not listed in the arguments

Thanks a lot!
Regards,
Lothar