On Mon, 1 Oct 2007 16:14:14 +0100
Nick Kew <[EMAIL PROTECTED]> wrote:
> RFC2616 tells us OPTIONS * is basically a simple HTTP ping,
> which suggests it could be at a 'lower' level than authconfig
> and always be allowed. If there is a reason to deny it,
> that could be by means of something analagous to TraceEnable.
An option that fixes this in httpd.conf would be:
--- docs/conf/httpd.conf.in (revision 580782)
+++ docs/conf/httpd.conf.in (working copy)
@@ -113,6 +113,12 @@
Options FollowSymLinks
AllowOverride None
Require all denied
+
+ # Allow OPTIONS * (simple HTTP ping)
+ <Limit OPTIONS>
+ Order Allow,Deny
+ Allow from all
+ </Limit>
</Directory>
#
Otherwise a simple function running REALLY_FIRST
on the access hook could check for OPTIONS.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
