On Thu, 4 Sep 1997, Kirjushka wrote:
>
> Sorry! Unknown (for me) behaviour of Apache was discovered. Suddenly.
>
> Configuration detail:
> Linux: 2.0.30
> Apache: 1.x.x
>
> srm.conf:
> ...
> Action text/html /cgi-bin/exefile
> ...
>
> /www-root/sec-dir/.htaccess:
> AuthType Basic
> AuthName authname
> AuthUserFile /itc/passwd
> <LIMIT GET POST>
> require valid-user
> </LIMIT>
More the the point, this is a good example of why you should never insert
a Limit container when you don''t mean it. It is obvious your script
isn''t
checking for what method it is passed, so even "valid" methods like
PUT
will probably have text incorrectly returned by the script.
Apache is doing exactly what you tell it and since methods are, by
definition, case sensitive it doesn''t have much choice but to treat GET
and get differently. The passing of unknown methods to CGI scripts is
also a feature designed to allow for easy protocol extension.
If you only want your script to be called with certain methods, you should
be coding your script to check the method. If you don''t want to limit
only certain methods, then do not include Limit directives. 99% of the
time, when they are use they are not necessary. They are only needed if
you wish to limit a subset of possible methods.