mod_allowhandlers Easily restrict what HTTP handlers can be used on the server Experimental mod_allowhandlers.c allowhandlers_module

This module makes it easy to restrict which handlers may be used for a request. A possible configuration would be:

<Location "/"> AllowHandlers not server-info server-status balancer-manager ldap-status </Location>

It also registers a handler named forbidden that simply returns 403 FORBIDDEN to the client. This can be used with directives like AddHandler.

SetHandler AddHandler AllowHandlers Restrict access to the listed handlers AllowHandlers [not] none|handler-name [none|handler-name]... AllowHandlers all directory Experimental

The handler names are case sensitive. The special name none can be used to match the case where no handler has been set. The special vallue all can be used to allow all handlers again in a later config section, even if some headers were denied earlier in the configuration merge order:

<Location "/server-status"> AllowHandlers all SetHandler server-status </Location>