On Mon, 1 Oct 2007 16:14:14 +0100 Nick Kew <[EMAIL PROTECTED]> wrote:
> RFC2616 tells us OPTIONS * is basically a simple HTTP ping, > which suggests it could be at a 'lower' level than authconfig > and always be allowed. If there is a reason to deny it, > that could be by means of something analagous to TraceEnable. An option that fixes this in httpd.conf would be: --- docs/conf/httpd.conf.in (revision 580782) +++ docs/conf/httpd.conf.in (working copy) @@ -113,6 +113,12 @@ Options FollowSymLinks AllowOverride None Require all denied + + # Allow OPTIONS * (simple HTTP ping) + <Limit OPTIONS> + Order Allow,Deny + Allow from all + </Limit> </Directory> # Otherwise a simple function running REALLY_FIRST on the access hook could check for OPTIONS. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/