Limit
<Limit method1 method2 ...>
...
</Limit>
The
<Limit
method
> directive defines a block
according to the HTTP method of the incoming request. For instance:
<Limit GET POST> ... directives ... </Limit>
This directive limits the application of the directives that follow
to requests that use the GET and
POST methods. Access controls are normally
effective for all access methods, and this is
the usual desired behavior. In the general case, access-control
directives should not be placed within a
<Limit> section.
The purpose of the <Limit> directive is to
restrict the effect of the access controls to the nominated HTTP
methods. For all other methods, the access restrictions that are
enclosed in the <Limit> bracket will have no
effect. The following example applies the access control only to the
methods POST, PUT, and DELETE, leaving all other methods unprotected:
<Limit POST PUT DELETE> Require valid-user </Limit>
The method names listed can be one or more of the following:
GET, POST,
PUT, DELETE,
CONNECT, OPTIONS,
TRACE, PATCH,
PROPFIND, PROPPATCH,
MKCOL, COPY,
MOVE, LOCK, and
UNLOCK. The method name is case sensitive. If
GET is used, it will also restrict
HEAD requests.
Generally, Limit should not be used unless you
really need it (for example, if you’ve implemented
PUT and want to limit PUTs but
not GETs), and we have not used it in
site.authent. Unfortunately,
Apache’s online documentation encouraged its
inappropriate use, so it is often found where it
shouldn’t be.