Hi all, I am currently trying to limit all http methods except for POST and GET without any success. Would appreciate if anyone can point me in the right direction. Have included the relevant parts of httpd.conf (I think). FYI -> I have turned on rewrite engine in each virtual so it inherits from the main config. <VirtualHost 1.2.3.4:80> ServerName www.mysite.com DocumentRoot /apps/webserver/static/www.mysite.com Options +Includes DirectoryIndex index.shtml RewriteEngine On RewriteOptions Inherit </VirtualHost> # -------------------------------------------------------------------- # 'Main' server configuration # -------------------------------------------------------------------- # # Remove unwanted http methods. TRACE # # ----------------------------------------------------------- RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] <Directory /apps/webserver/static/www.mysite.com> Options FollowSymLinks Options +Includes AllowOverride None Order allow,deny Allow from all <LimitExcept POST GET> Order deny,allow Deny from all </LimitExcept> </Directory> As you can see from the test below the methods appear to still be available. telnet www.mysite.com 80 Trying 1.2.3.4... Connected to www.mysite.com. Escape character is '^]'. OPTIONS / HTTP/1.0 HTTP/1.1 200 OK Date: Wed, 02 Sep 2009 10:46:21 GMT Server: Apache Allow: GET,HEAD,POST,OPTIONS,TRACE Content-Length: 0 Connection: close Content-Type: text/html Connection to www.mysite.com closed by foreign host. Many thanks in advance for any help provided.