Need to test for Methods allowed

cp2000 · Jun 8, 2005

I am working thru locking down my Apache 1.3.33 servers. I am using the LimitExcept directive in the httpd.conf (so it covers all vhosts as well). But now I need to test to see that it is working.

I have put the same Directive in 2 separate system and got very different results.

Code:

<Directory / >
  <LimitExcept POST GET>
    Order allow,deny
    deny from all
  </LimitExcept>
</Directory>

When I tested by telneting to port 80 and issuing the OPTIONS command I got:
System 1 - Access denied.
System 2 - Home page source

Is there a better way to do this?
Is there a different way to test?
What would change this between systems?

Wishdiak · Jun 8, 2005

cp2000,

If the container above behaves differently in two different machines, then most likely the difference is that there is another set of directives on one of those machines that overrides the settings you have.

Are the httpd.conf files identical on both?

Wishdiak
A+, Network+, Security+, MCSA: Security 2003

http://www.wishdiak.com

cp2000 · Jun 8, 2005

There are different virtual hosts. But what I am testing against is the main host on each system.

Wishdiak · Jun 8, 2005

cp2000,

Somewhere in the httpd.conf or in a .htaccess file on the second host, you've got an Allow directive that is letting the traffic through.

Unless, of course, you didn't restart Apache after making that change. That could do it too.

Wishdiak
A+, Network+, Security+, MCSA: Security 2003

http://www.wishdiak.com

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Need to test for Methods allowed

cp2000

Technical User

Wishdiak

Technical User

cp2000

Technical User

Wishdiak

Technical User

Similar threads

Part and Inventory Search

Sponsor