protection of /stats/

Discussion in 'General' started by tensor, Sep 25, 2009.

  1. tensor

    tensor New Member

    Currently 3.0.1.3 there is a .htaccess file in /stats/ of every web site.

    Here is the contents:
    Code:
    AuthType Basic
    AuthName "Members Only"
    AuthUserFile /var/www/clients/clientX/webYY/.htpasswd_stats
    <limit GET PUT POST>
    require valid-user
    </limit>
    
    Why <Limit> is used?
    Should not be there just a plain "require valid-user" directive? What if Apache has some other modules which implement HTTP methods which could be used to get the stats?
     
  2. till

    till Super Moderator

    I've added this to the bugtracker.
     

Share This Page