This patch adds a sectioning directive that allows the user to assign authentication control to any HTTP method that is *not* given in the argument list; i.e., the logical negation of the directive. This is particularly useful for controlling access on methods unknown to the Apache core, but perhaps known by some module or CGI script. [Roy Fielding, Tony Finch] Index: htdocs/manual/mod/core.html =================================================================== RCS file: /home/cvs/apache-1.3/htdocs/manual/mod/core.html,v retrieving revision 1.144 diff -u -r1.144 core.html --- core.html 1999/02/06 11:00:57 1.144 +++ core.html 1999/02/09 20:16:18 @@ -49,6 +49,7 @@

<Limit> +

LimitRequestBody

LimitRequestFields

LimitRequestFieldsize @@ -659,7 +660,8 @@ The directory sections typically occur in the access.conf file, but they may appear in any configuration file. <Directory> directives cannot -nest, and cannot appear in a <Limit> section. +nest, and cannot appear in a <Limit> or +<LimitExcept> section.

+ +

<LimitExcept> directive

+ +Syntax: + <LimitExcept method method ... > ... </LimitExcept>
+Context: any
+Status: core
+Compatibility: Available in Apache 1.3.5 and later

+ +<LimitExcept> and </LimitExcept> are used to enclose a group of +access control directives which will then apply to any HTTP access method +not listed in the arguments; i.e., it is the opposite of a +<Limit> section and can be used to control both +standard and nonstandard/unrecognized methods. See the documentation for +<Limit> for more details.

Index: htdocs/manual/mod/directives.html =================================================================== RCS file: /home/cvs/apache-1.3/htdocs/manual/mod/directives.html,v retrieving revision 1.54 diff -u -r1.54 directives.html --- directives.html 1999/02/06 11:00:57 1.54 +++ directives.html 1999/02/09 20:16:18 @@ -123,6 +123,7 @@

<Limit> +

LimitRequestFieldsize Index: src/main/http_core.c =================================================================== RCS file: /home/cvs/apache-1.3/src/main/http_core.c,v retrieving revision 1.248 diff -u -r1.248 http_core.c --- http_core.c 1999/02/06 03:02:11 1.248 +++ http_core.c 1999/02/09 20:16:22 @@ -1241,6 +1241,7 @@ const char *arg) { const char *limited_methods = ap_getword(cmd->pool, &arg, '>'); + void *tog = cmd->cmd->cmd_data; int limited = 0; const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT); @@ -1249,7 +1250,7 @@ } /* XXX: NB: Currently, we have no way of checking - * whether sections are closed properly. + * whether or sections are closed properly. * (If we would add a srm_command_loop() here we might...) */ @@ -1257,26 +1258,31 @@ char *method = ap_getword_conf(cmd->pool, &limited_methods); int methnum = ap_method_number_of(method); - if (methnum == M_TRACE) { + if (methnum == M_TRACE && !tog) { return "TRACE cannot be controlled by "; } else if (methnum == M_INVALID) { - return ap_pstrcat(cmd->pool, "unknown method \"", - method, "\" in ", NULL); + return ap_pstrcat(cmd->pool, "unknown method \"", method, + "\" in " : ">", NULL); } else { limited |= (1 << methnum); } } - cmd->limited = limited; + /* Killing two features with one function, + * if (tog == NULL) , else + */ + cmd->limited = tog ? ~limited : limited; return NULL; } static const char *endlimit_section(cmd_parms *cmd, void *dummy, void *dummy2) { + void *tog = cmd->cmd->cmd_data; + if (cmd->limited == -1) { - return " unexpected"; + return tog ? " unexpected" : " unexpected"; } cmd->limited = -1; @@ -2675,6 +2681,11 @@ "authentication directives when accessed using specified HTTP methods" }, { "", endlimit_section, NULL, OR_ALL, NO_ARGS, "Marks end of " }, +{ "", endlimit_section, (void*)1, OR_ALL, NO_ARGS, + "Marks end of " }, { "