On Oct 1, 2007, at 12:02 PM, Nick Kew wrote:
On Mon, 1 Oct 2007 16:14:14 +0100
Nick Kew <[EMAIL PROTECTED]> wrote:
RFC2616 tells us OPTIONS * is basically a simple HTTP ping,
which suggests it could be at a 'lower' level than authconfig
and always be allowed. If there is a reason to deny it,
that could be by means of something analagous to TraceEnable.
An option that fixes this in httpd.conf would be:
--- docs/conf/httpd.conf.in (revision 580782)
+++ docs/conf/httpd.conf.in (working copy)
@@ -113,6 +113,12 @@
Options FollowSymLinks
AllowOverride None
Require all denied
+
+ # Allow OPTIONS * (simple HTTP ping)
+ <Limit OPTIONS>
+ Order Allow,Deny
+ Allow from all
+ </Limit>
</Directory>
#
Otherwise a simple function running REALLY_FIRST
on the access hook could check for OPTIONS.
Why not use a quick_handler for the OPTIONS * case?
