On Sunday 19 September 2010, Paul Querna wrote: > This is the module that infrastructure uses (and I wrote) to > replace use of limits on *.apache.org: > <https://svn.apache.org/repos/infra/infrastructure/trunk/projects/m > od_allowmethods/mod_allowmethods.c> > > It was written after the last attack on our servers in which the > attackers uploaded CGI scripts; We have some specific use cases > where we want to allow CGI in some places, but all of them have > very limited methods they should accept. Trying to configure > <Limit for our use case and diverse set of vhosts would of meant > duplicating the config in hundreds of places. I don't think the > module is really great as an alternative, but it is one path to > consider, and is working for at least one use case :)
Yes, Igor Galic has commited it here and has written some docs: http://svn.apache.org/viewvc/httpd/sandbox/mod_allowmethods/ I agree that it is useful for some use cases but is not enough as a complete Limit/LimtExcept replacement. In any case, I am in favour of adding it to trunk.
