But it's really the only place it can be done, from RFC2616;
10.4.6 405 Method Not Allowed
The method specified in the Request-Line is not allowed for the
resource identified by the Request-URI. The response MUST include an
Allow header containing a list of valid methods for the requested
resource.
httpd can't predict what methods the resource will accept.
If it's rejecting a request based on <Limit(Except)>, it can infer
a list of allowed methods from that.
So, in true open source style, I hacked on mod_cgi and made a patch.
mod_cgi is not really the appropriate place for that. It's a matter
either for the CGI application itself, or for the core code that
implements <Limit>/<LimitExcept>.
Of course it's fine to patch it for your own use, and share your patch.
But it wouldn't be appropriate for the standard apache codebase.
This patch doesn't seem to honour RFC2616, and doesn't add an "Allow:"
header to the request. It's also specific to a single method.
>
However, at present I don't think mod_cgi(d) will allow an "Allow:"
header through from a CGI, so this probably should be fixed, for this
reason.
Erm, last time I looked, a CGI script could generate any HTTP headers
it pleases. Not to be confused with the fact that a typical CGI script
generates less than a full HTTP response, so Apache usually has to add
something to what CGI generates.
--
Nick Kew
