Re: Apache CONNECT Method Allowed in HTTP Server Or HTTP Proxy Server Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2 solutions

as you’ve tried before RewriteCond & RewriteRule is one solution, another is limit & limitExcpet. and please note that even disabling the specific method(s) in  these directives will not remove that method from the Supported Methods line (allow) in an OPTIONS request.

 

 

Tks & b.rgds

--

Chris

 

发件人: surodip.patra@xxxxxxxxxxxxx [mailto:surodip.patra@xxxxxxxxxxxxx]
发送时间: Thursday, March 19, 2015 8:44 PM
收件人: users@xxxxxxxxxxxxxxxx
主题: Apache CONNECT Method Allowed in HTTP Server Or HTTP Proxy Server Vulnerability

 

Hi Apache,

 

I have the below vulnerability:

 

CONNECT Method Allowed in HTTP Server Or HTTP Proxy Server Vulnerability:

 

Tried solutions:

 

a.      Commented the connect module in httpd.conf file : LoadModule proxy_connect_module modules/mod_proxy_connect.so

 

b.      Changed in httpd-ssl.conf file

 

# Load Rewrite engine

LoadModule  rewrite_module  path/to/apache/modules/mod_rewrite.so

 

#Enable Rewrite engine

RewriteEngine On

 

# Disable TRACE, TRACK, CONNECT, OPTIONS RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|CONNECT|OPTIONS) RewriteRule .* - [F]

 

But no solutions worked. Can anyone help me to get rid of this vulnerability?

 

Thanks & Regards,

Surodip Patra

+91-9739883456

 

 



This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux