Date: Tue, 3 Dec 2002 15:37:39 -0600
From: John Goerzen jgoerzen@complete.org
To: Anne Carasik gator@cacr.caltech.edu
Cc: Debian Security debian-security@lists.debian.org
Subject: Re: Removing stupid HTTP methods from Apache
User-Agent: Mutt/1.4i


On Tue, Dec 03, 2002 at 01:27:36PM -0800, Anne Carasik wrote:

> I'm running Apache on a Woody machine, and I can't figure
> out for the life of me how to disable certain insecure HTTP
> methods like PROPFIND and PUT.
>
> Can someone please help me out? I've been searching through
> the docs and google, and I'm hoping I just overlooked something
> obvious.

This is what people suggest for Subversion:

<Location /test>
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /usr/local/etc/apache2/svn-pass
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>

DAV svn
SVNPath /var/svn/test
</Location>