Topic: Flawed behaviour related to server and virtualhost config

[NewEraCracker]

Hello,

I am using Apache httpd 2.2.19 x86 Apache.org win32 binaries.

Apache httpd seems to ignore any htaccess definable configuration (sometimes even virtualhost definable configuration) when the configuration is done in server level but not at virtual host or htaccess level.

This is a flawed behavior and I believe this to be a bug.

Some directives that have may have this problem:
http://httpd.apache.org/docs/2.2/mod/core.html#limitexcept <-- Not documented (Tested)
http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody <-- Not documented (Not Tested)
http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline <-- Documented (Tested)

I'd expect that this configuration in the server level:

<LimitExcept POST GET>
</LimitExcept>

Would block any requests other than GET, POST or HEAD at the level of all virtualhosts, which does not occur. The workaround is to put the configuration in virtualhosts which is rather unpractical.

Any thoughts on this issue?

[NewEraCracker]

This works in denying requests other than POST or GET but exposes .htaccess files