| <?xml version="1.0"?> |
| <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> |
| <?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> |
| <!-- $LastChangedRevision$ --> |
| |
| <!-- |
| Upon adding a new module XML doc, you will need to: |
| |
| svn ps svn:eol-style native <alltextfiles> |
| svn ps svn:keywords LastChangedRevision mod_allowmethods.xml |
| |
| in order for it to rebuild correctly. |
| |
| --> |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <modulesynopsis metafile="mod_allowmethods.xml.meta"> |
| <name>mod_allowmethods</name> |
| <description>Easily restrict what HTTP methods can be used on the server</description> |
| <status>Experimental</status> |
| <sourcefile>mod_allowmethods.c</sourcefile> |
| <identifier>allowmethods_module</identifier> |
| <compatibility>Available in Apache 2.3 and later</compatibility> |
| |
| <summary> |
| <p>This module makes it easy to restrict what HTTP methods can be |
| used on a server. The most common configuration would be:</p> |
| |
| <highlight language="config"> |
| <Location "/"> |
| AllowMethods GET POST OPTIONS |
| </Location> |
| |
| <Location "/nopost"> |
| AllowMethods -POST |
| </Location> |
| </highlight> |
| |
| </summary> |
| |
| <directivesynopsis> |
| <name>AllowMethods</name> |
| <description>Restrict access to the listed HTTP methods</description> |
| <syntax>AllowMethods reset | [+|-]<var>HTTP-method</var> |
| [ [+|-]<var>HTTP-method</var> ] ...</syntax> |
| <default>AllowMethods reset</default> |
| <contextlist><context>directory</context></contextlist> |
| <status>Experimental</status> |
| <compatibility>+/- added in 2.5.1</compatibility> |
| |
| <usage> |
| |
| <p>The HTTP-methods are case sensitive and are generally, as per |
| RFC, given in upper case. The GET and HEAD methods are treated as |
| equivalent. The <code>reset</code> keyword can be used to |
| turn off <module>mod_allowmethods</module> in a deeper nested context:</p> |
| |
| <highlight language="config"> |
| <Location "/svn"> |
| AllowMethods reset |
| </Location> |
| </highlight> |
| |
| <note><title>Caution</title> |
| <p>The TRACE method cannot be denied by this module; |
| use <directive module="core">TraceEnable</directive> instead.</p> |
| </note> |
| |
| <p>Normally, if multiple <directive>AllowMethods</directive> could |
| apply to a directory, then the most specific one is used and |
| others are ignored; the methods are not merged. (See <a |
| href="../sections.html#merging">how sections are merged</a>.) |
| However if <em>all</em> the methods on the |
| <directive>AllowMethods</directive> directive are preceded by a |
| <code>+</code> or <code>-</code> symbol, the options are |
| merged. Any method preceded by a <code>+</code> are added to the |
| methods currently in force, and any method preceded by a |
| <code>-</code> are removed from the methods currently in |
| force. </p> |
| |
| <note><title>Note</title> |
| <p>Mixing <directive>AllowMethods</directive> with a <code>+</code> or |
| <code>-</code> with those without is not valid syntax and will be |
| rejected during server startup by the syntax check with an abort.</p> |
| </note> |
| |
| <p><module>mod_allowmethods</module> was written to replace the rather |
| kludgy implementation of <directive module="core">Limit</directive> and |
| <directive module="core">LimitExcept</directive>.</p> |
| |
| </usage> |
| </directivesynopsis> |
| |
| </modulesynopsis> |