Date: Mon, 02 Dec 2002 17:38:07 -0500
From: Maarten Van Horenbeeck maarten.vanhorenbeeck@ubizen.com
Subject: Re: Removing stupid HTTP methods from Apache
To: Anne Carasik gator@cacr.caltech.edu,
debian-security@lists.debian.org

Hi Anne,

> I'm running Apache on a Woody machine, and I can't figure
> out for the life of me how to disable certain insecure HTTP
> methods like PROPFIND and PUT.

I hope this helps:

http://www.daemon.be/~maarten/apache-1.3.27-stripping.patch

Limit and LimitExcept are also possible solutions, but you can't use
them to disable all methods. Some are immune to this :-)

Cheers,
Maarten

--
Maarten Van Horenbeeck Ubizen
Network Security Analyst We Secure e-Business
Phone +32 16 28 70 00 http://www.ubizen.com
Fax +32 16 28 71 00 http://www.onlineguardian.com