don't use <Limit GET POST>!! It's a leftover from NCSA days. It will actually limit authentication to only those methods, GET and POST. A malicious user can craft a request using another method, e.g. PUT, and that request will bypass your authentication. Folks, don't use LIMIT containers unless you know what you're doing.
As echo says, you shouldn't use the Limit directives in this case - it really means "only limit the http request methods...".
Just to clarify, all you have to do is turn this:
<Limit GET POST>
require group Xdwp
</Limit>
into this:
require valid-user
The first example means that to log in successfully, the username submitted has to match the password of that user (obviously), and also be in the group "Xdwp". In the second example, all that has to happen is that the username has to be in the password file.
This has absolutely nothing to do with Perl though, so I'd suggest having a look at the docs on httpd.apache.org (http://httpd.apache.org/docs/mod/core.html#require).
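Added example, not part of the original thread: a small audit script that flags access-control directives nested inside a `<Limit>` container and lists the methods they do not cover. The function name, the sample files and their paths are assumptions made up for this illustration.

```python
import re

# Methods <Limit> accepts per the Apache core docs (HEAD is covered by GET).
KNOWN_METHODS = {"GET", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "PATCH",
                 "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
OPEN_RE = re.compile(r"^<\s*Limit\s+([^>]*)>", re.I)   # not <LimitExcept>
CLOSE_RE = re.compile(r"^<\s*/\s*Limit\s*>", re.I)
ACCESS_RE = re.compile(r"^(require|order|allow|deny|satisfy)\b", re.I)

def find_limited_access_rules(config_text):
    """Report access-control directives that only apply inside <Limit>."""
    findings, limited = [], None   # limited: methods of the enclosing <Limit>
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN_RE.match(line)
        if opened:
            limited = {m.upper() for m in opened.group(1).split()}
        elif CLOSE_RE.match(line):
            limited = None
        elif limited is not None and ACCESS_RE.match(line):
            findings.append({"line": lineno, "directive": line,
                             "covered": sorted(limited),
                             "uncovered": sorted(KNOWN_METHODS - limited)})
    return findings

# Constructed sample .htaccess files; the paths and realm are placeholders.
SAMPLE_WEAK = """\
AuthType Basic
AuthName "Restricted"
AuthUserFile /path/to/htpasswd
AuthGroupFile /path/to/htgroup
<Limit GET POST>
require group Xdwp
</LIMIT>
"""
SAMPLE_FIXED = """\
AuthType Basic
AuthName "Restricted"
AuthUserFile /path/to/htpasswd
require valid-user
"""

if __name__ == "__main__":
    for f in find_limited_access_rules(SAMPLE_WEAK):
        print(f"line {f['line']}: '{f['directive']}' applies only to "
              f"{f['covered']}; not enforced for {f['uncovered']}")
```

An empty result for a file means no `require`, `order`, `allow`, `deny` or `satisfy` line sits inside a `<Limit>` block, which is the state the replies above recommend.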
Thank you echo and mischief for pointing out that I ought not to be using Limit directives. I will fix my .htaccess file.