Restricting HTTP methods in Apache 2.4.6
- 꼬반
- 2015. 6. 10. 14:17
In version 2.4.6, HTTP methods are restricted as follows.
- Trace : http://httpd.apache.org/docs/current/mod/core.html#traceenable
<code>
TraceEnable Directive
Description: Determines the behavior on TRACE requests
Syntax: TraceEnable [on|off|extended]
Default: TraceEnable on
Context: server config, virtual host
Status: Core
Module: core
This directive overrides the behavior of TRACE for both the core server and mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616, which disallows any request body to accompany the request. TraceEnable off causes the core server and mod_proxy to return a 405 (Method not allowed) error to the client.
Finally, for testing and diagnostic purposes only, request bodies may be allowed using the non-compliant TraceEnable extended directive. The core (as an origin server) will restrict the request body to 64k (plus 8k for chunk headers if Transfer-Encoding: chunked is used). The core will reflect the full headers and all chunk headers with the response body. As a proxy server, the request body is not restricted to 64k.
Note
Despite claims to the contrary, TRACE is not a security vulnerability and there is no viable reason for it to be disabled. Doing so necessarily makes your server non-compliant.
</code>
- methods : http://httpd.apache.org/docs/current/mod/mod_allowmethods.html
<code>
Apache Module mod_allowmethods
Description: Easily restrict what HTTP methods can be used on the server
Status: Experimental
Module Identifier: allowmethods_module
Source File: mod_allowmethods.c
Summary
This module makes it easy to restrict what HTTP methods can be used on a server. The most common configuration would be:
<Location />
AllowMethods GET POST OPTIONS
</Location>
</code>
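The two directives quoted above, combined in one configuration. This is an added example, not part of the original post or the Apache documentation; the module path and the `/static` location are assumptions. Per the mod_allowmethods documentation, AllowMethods cannot deny TRACE, which is why TraceEnable is set separately.

```apache
# Added example: constructed configuration, not from the original post.
# Assumption: module path as laid out by a typical package install; adjust to your build.
LoadModule allowmethods_module modules/mod_allowmethods.so

# TRACE is handled by the core, not by mod_allowmethods.
# Context: server config or virtual host (not valid inside <Location>).
# With "off", the core server and mod_proxy answer TRACE with 405.
TraceEnable off

# Site-wide allow-list: any other method gets 405 Method Not Allowed.
# GET and HEAD are treated as equivalent by mod_allowmethods.
<Location "/">
    AllowMethods GET POST OPTIONS
</Location>

# Hypothetical read-only path: a narrower list for static content.
# This later section takes precedence over "/" for matching requests.
<Location "/static">
    AllowMethods GET
</Location>

# Check after reload (run against your own server):
#   apachectl configtest
#   curl -i -X DELETE http://localhost/     -> expect 405
#   curl -i -X TRACE  http://localhost/     -> expect 405
```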