On Sunday 19 September 2010, Ruediger Pluem wrote: > On 09/19/2010 12:45 AM, Stefan Fritsch wrote: > > What do other people think about removing <Limit> and > > <LimitExcept> and adding mod_allowmethods from the sandbox to > > easily forbid some methods? Or would this create too much > > trouble when upgrading configurations? > > > > BTW, we could also add an authz provider to allow things like > > > > Require method GET,HEAD,... > > > > Though this would be slower than mod_allowmethods because authz > > providers have to parse the require line on every request.
This is done, including parsing the require line only once, which has the added benefit of catching typos while reading the config. I would still add mod_allowmethods, because it is really nice for globally disabling some methods while not having to worry about authz section merging. Anybody disagrees? > Hm. I don't like it to be removed until be have an agreed > alternative in trunk. And the question is whether we should still > do this after we had a first beta release. Sounds reasonable. But if we intend to remove Limit/LimitExcept in 2.4 but leave it in the first beta, it should log a really big warning that it will be removed in 2.4.
