I've been trying to use a <limit> tag to disable PUT and DELETE calls from being executed through our Apache server and have been unsuccessful.
Apache Version: 2.2
I am currently adding something like this to the inside of my httpd.conf file:
<Directory />
Options none
AllowOverride none
Order deny,allow
Deny from all
<Limit PUT DELETE TRACE>
Order deny,allow
Deny from all
</Limit>
</Directory>
But I have been unable to get a successful restart on Apache while this line is in the file. Now, I know very little about Apache and I've been trying to follow along in some of the Apache docs I've found but have been unsuccessful.
With none of my changes this section of the httpd.conf looks like this:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Any help would be appreciated.
http://wiki.linuxquestions.org/wiki/Securing_Apache#Disabling_PUT_and_DELETE
<Directory /usr/apache/www/myserver.com/htdocs>
...bunch of useful stuff
<Limit PUT DELETE>
Require user terribleUnguessableUsername235452309875wesaef
</Limit>
</Directory>
According to Apache docs found at a hyperlink I do not have enough rep to include, you cannot restrict TRACE using a Limit directive.