I am trying to set some controls in Apache via the .htaccess. This works:

<LimitExcept GET>
    Order allow,deny
    Allow from all
    Deny from all
</LimitExcept>

while this does not:

<LimitExcept POST>
    Order allow,deny
    Allow from all
    Deny from all
</LimitExcept>

Please help me understand what is going on here.

Example test case:

I created a simple HTML form (form.html) to test things out:

<form method="post" action="./test/index.html">
<input type="submit" name="submit" value="submit" />
</form>

Alongside it, I created a subfolder "test" with two files:

  • index.html (<p>Hello world</p>)
  • .htaccess (with contents exactly as one of the code blocks above)

In case of the first version of the .htaccess file, submitting the HTML form produces a 403 error, while direct access (entering the full address in a browser - e.g. /test/index.html) is not blocked. This is as expected. However, in case of the second version of the .htaccess file, both submitting the HTML form AND direct access result in a 403 error.

I do not think this is a bug (tested in Apache 2.2 and 2.4), but knowing that other people can replicate it would be quite helpful. Of course, ultimately I would like to understand why things are not working as intended.

user191429

1 Answer

In Apache 2.4, just edit:

<LimitExcept POST>
    Deny from all
</LimitExcept>

LOVEVN
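
An added example (not part of the question or the answer above): a small Python model of how a single LimitExcept block with Order/Allow/Deny is evaluated according to the Apache documentation, run against constructed copies of the two blocks from the question. It handles only "from all" rules inside this one block; the function names are illustrative and any other server configuration is not modeled.

```python
import re

# Constructed copies of the two .htaccess blocks from the question.
HTACCESS_EXCEPT_GET = """<LimitExcept GET>
    Order allow,deny
    Allow from all
    Deny from all
</LimitExcept>"""
HTACCESS_EXCEPT_POST = HTACCESS_EXCEPT_GET.replace("GET", "POST")

def parse_limit_except(text):
    """Return (exempt_methods, directives) for a single <LimitExcept> block."""
    m = re.search(r"<LimitExcept\s+([^>]+)>(.*?)</LimitExcept>", text, re.S | re.I)
    if not m:
        raise ValueError("no <LimitExcept> block found")
    exempt = {name.upper() for name in m.group(1).split()}
    directives = [ln.split() for ln in m.group(2).splitlines() if ln.strip()]
    return exempt, directives

def order_decision(directives):
    """Evaluate Order/Allow/Deny, 'from all' rules only (simplified model)."""
    order, allow, deny = "deny,allow", False, False  # Apache's default Order
    for words in directives:
        key, rest = words[0].lower(), [w.lower() for w in words[1:]]
        if key == "order":
            order = rest[0]
        elif key == "allow" and rest == ["from", "all"]:
            allow = True
        elif key == "deny" and rest == ["from", "all"]:
            deny = True
    if order == "allow,deny":
        # Allow is checked first, then Deny: a match on both is denied,
        # and a match on neither is denied as well.
        return allow and not deny
    # deny,allow: a match on both is allowed, as is a match on neither.
    return allow or not deny

def decide(htaccess, method):
    """What this block alone says about a request using the given method."""
    exempt, directives = parse_limit_except(htaccess)
    if method.upper() in exempt:
        return "not restricted by this block"
    return "allowed" if order_decision(directives) else "403 Forbidden"

if __name__ == "__main__":
    for name, cfg in (("LimitExcept GET", HTACCESS_EXCEPT_GET),
                      ("LimitExcept POST", HTACCESS_EXCEPT_POST)):
        for method in ("GET", "POST", "PUT"):
            print(f"{name:17} {method:5} -> {decide(cfg, method)}")
```

For the second block the model gives 403 for GET, which is the direct-access case, and shows that the block itself places no restriction on POST.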