| <?xml version="1.0"?> |
| <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> |
| <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> |
| <!-- $LastChangedRevision$ --> |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <modulesynopsis metafile="mod_allowhandlers.xml.meta"> |
| <name>mod_allowhandlers</name> |
| <description>Easily restrict what HTTP handlers can be used on the server</description> |
| <status>Experimental</status> |
| <sourcefile>mod_allowhandlers.c</sourcefile> |
| <identifier>allowhandlers_module</identifier> |
| |
| |
| <summary> |
| <p>This module makes it easy to restrict which handlers may be used for a |
| request. A possible configuration would be:</p> |
| |
| <highlight language="config"> |
| <Location "/"> |
| AllowHandlers not server-info server-status balancer-manager ldap-status |
| </Location> |
| </highlight> |
| |
| <p>It also registers a handler named <code>forbidden</code> that simply |
| returns 403 FORBIDDEN to the client. This can be used with directives like |
| <directive module="mod_mime">AddHandler</directive>.</p> |
| |
| </summary> |
| |
| <seealso><directive module="core">SetHandler</directive></seealso> |
| <seealso><directive module="mod_mime">AddHandler</directive></seealso> |
| |
| <directivesynopsis> |
| <name>AllowHandlers</name> |
| <description>Restrict access to the listed handlers</description> |
| <syntax>AllowHandlers [not] none|<em>handler-name</em> |
| [none|<em>handler-name</em>]...</syntax> |
| <default>AllowHandlers all</default> |
| <contextlist><context>directory</context></contextlist> |
| <status>Experimental</status> |
| |
| <usage> |
| |
| <p>The handler names are case sensitive. The special name |
| <code>none</code> can be used to match the case where no handler has been |
| set. The special value <code>all</code> can be used to allow all |
| handlers again in a later config section, even if some headers were denied |
| earlier in the configuration merge order:</p> |
| |
| <highlight language="config"> |
| <Location "/server-status"> |
| AllowHandlers all |
| SetHandler server-status |
| </Location> |
| </highlight> |
| |
| </usage> |
| </directivesynopsis> |
| |
| </modulesynopsis> |