This is not a mailing list for reporting bugs, it's the mailing list used by bugzilla.Avoid Limit/LimitExcept in 2.4. In the config below, if the Location / comes second,it means the authorization config replaces the one defined in server-info, not merged with it, and GET is no longer limited.On Fri, Nov 2, 2018 at 8:28 AM Lothar Belle <lothar.webmin@xxxxxxxxx> wrote:
We want to Allow only specific Methods i.e. HEAD POST GET.so we are using.<Location />
<LimitExcept HEAD POST GET>
Require all denied
</Location>Location is required, because we use mod_proxy, so no directory access is performed.Strangely it overrules a previous defined.
SetHandler server-infoRequire local</Location>So as a result server-info is accessible from everywhere.According to my understanding, and documentation this behavior is not correct.
</LimitExcept>are used to enclose a group of access control directives which will then apply to any HTTP access method not listed in the argumentsThanks a lot!Regards,Lothar--Eric Covener