[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

imitExcept inside a Location overrules another Location restriction

We want to Allow only specific Methods i.e. HEAD POST GET.
so we are using.
<Location />
    <LimitExcept HEAD POST GET>
        Require all denied
Location is required, because we use mod_proxy, so no directory access is performed.
Strangely it overrules a previous defined.
<Location /server-info>
    SetHandler server-info
    Require local
So as a result server-info is accessible from everywhere.
According to my understanding, and documentation this behavior is not correct.
<LimitExcept> and </LimitExcept> are used to enclose a group of access control directives which will then apply to any HTTP access method not listed in the arguments

Thanks a lot!