Need to test for Methods allowed

[cp2000]

I am working thru locking down my Apache 1.3.33 servers. I am using the LimitExcept directive in the httpd.conf (so it covers all vhosts as well). But now I need to test to see that it is working.

I have put the same Directive in 2 separate system and got very different results.

<Directory / >
  <LimitExcept POST GET>
    Order allow,deny
    deny from all
  </LimitExcept>
</Directory>

When I tested by telneting to port 80 and issuing the OPTIONS command I got:
System 1 - Access denied.
System 2 - Home page source

Is there a better way to do this?
Is there a different way to test?
What would change this between systems?

 

[Wishdiak]

cp2000,

If the container above behaves differently in two different machines, then most likely the difference is that there is another set of directives on one of those machines that overrides the settings you have.

Are the httpd.conf files identical on both?

Wishdiak
A+, Network+, Security+, MCSA: Security 2003

http://www.wishdiak.com

 

[cp2000]

There are different virtual hosts. But what I am testing against is the main host on each system.

 

[Wishdiak]

cp2000,

Somewhere in the httpd.conf or in a .htaccess file on the second host, you've got an Allow directive that is letting the traffic through.

Unless, of course, you didn't restart Apache after making that change. That could do it too.

Wishdiak
A+, Network+, Security+, MCSA: Security 2003

http://www.wishdiak.com