Hi
In a security audit it was picked up that the http trace method was enabled on our 389 server for port 9830 which is the port the admin console uses. I have done a check on how to disable this method for a http server and they suggested editing the httpd.conf and adding TraceEnable = off or on older versions something like this on the httpd.conf file.
LoadModule rewrite_module "/usr/local/apache/modules/mod_rewrite.so"
Then add the following as well to your httpd.conf file:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
the file I used to edit these changes was /etc/dirsrv/admin-serv/httpd.conf
Neither of these methods disabled the trace method. Any ideas?
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
