Preventing PROPFIND requests
Posted: Mon Sep 18, 2006 11:19 am
I was asked this morning if there is a way to prevent the PROPFIND request method on Apache. After reading up on it, it seems as though PROPFIND (and PROPPATCH) are parts of the WebDAV module and they are used for file manipulation and versioning. If I am incorrect in this assessment, please correct me.
I also noticed, when looking through the access logs, that there are numerous calls to PROPFIND (that all meet a 405 server response). My question is, is there a way to not allow a PROPFIND request? I have a section of a sample httpd.conf file, but I am not sure what to do with it. Any help would be much appreciated.
From the access logs (**** are used to replace actual directory names that I cannot show):
69.109.252.201 - - [16/Sep/2006:00:00:02 -0700] "PROPFIND /**** HTTP/1.1" 405 22869
69.109.252.201 - - [16/Sep/2006:00:00:23 -0700] "PROPFIND /**** HTTP/1.1" 405 22869
69.109.252.201 - - [16/Sep/2006:00:00:33 -0700] "PROPFIND /**** HTTP/1.1" 405 22869
66.234.220.62 - - [16/Sep/2006:01:41:31 -0700] "PROPFIND /SysVol HTTP/1.1" 405 22869
66.234.220.62 - - [16/Sep/2006:01:41:31 -0700] "PROPFIND /SysVol HTTP/1.1" 405 22869
71.202.249.191 - - [16/Sep/2006:07:01:06 -0700] "PROPFIND /SysVol HTTP/1.1" 405 22869
71.202.249.191 - - [16/Sep/2006:07:01:06 -0700] "PROPFIND /**** HTTP/1.1" 405 22869
71.202.249.191 - - [16/Sep/2006:07:01:06 -0700] "PROPFIND /SysVol HTTP/1.1" 405 22869
71.202.249.191 - - [16/Sep/2006:07:01:08 -0700] "PROPFIND /**** HTTP/1.1" 405 22869
Sample http.conf text:
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
# You must correct the path for the root to match your system's configured
# user directory location, e.g. "C:/WinNT/profiles/*/My Documents/My Website"
# or whichever, as appropriate.
#
#<Directory "C:/Documents and Settings/*/My Documents/My Website">
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS PROPFIND>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS PROPFIND>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
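
An added example, not part of the original post and not taken from any Apache distribution file: the sample stanza above lists PROPFIND among the permitted methods, so the fragment below shows that block next to a version that refuses it. It assumes the Apache 2.0/2.2 `Order`/`Allow`/`Deny` syntax used in the sample, and the directory path is a hypothetical placeholder.

```apache
# Added example. The path below is a hypothetical placeholder; replace it
# with the directory (or use <Location />) that should refuse WebDAV methods.

# Before (from the sample stanza): PROPFIND is explicitly allowed.
#
#   <Limit GET POST OPTIONS PROPFIND>
#       Order allow,deny
#       Allow from all
#   </Limit>
#   <LimitExcept GET POST OPTIONS PROPFIND>
#       Order deny,allow
#       Deny from all
#   </LimitExcept>

# After: PROPFIND is removed from both method lists, so it is handled by
# <LimitExcept> like every other unlisted method (PROPPATCH, MKCOL, PUT,
# DELETE, ...) and is refused with 403 Forbidden.
<Directory "C:/example/htdocs">
    # Methods the site actually needs. Listing GET also covers HEAD.
    <Limit GET POST OPTIONS>
        Order allow,deny
        Allow from all
    </Limit>

    # Everything not listed above is denied.
    <LimitExcept GET POST OPTIONS>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Directory>

# Apache 2.4 replaces Order/Allow/Deny with Require; the equivalent
# deny rule inside the same container would be:
#
#   <LimitExcept GET POST OPTIONS>
#       Require all denied
#   </LimitExcept>
```

The 405 (Method Not Allowed) status in the log excerpt means the server was already rejecting these requests. With this rule in place they are still logged, but with status 403.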