Re: Block access to "OPTIONS *"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you.   I do see the 200 OK response.

OPTIONS / HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 12 Feb 2016 06:35:33 GMT
Server: Apache
Allow: GET,HEAD,POST,OPTIONS
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Content-Length: 0
Connection: close
Content-Type: text/html

Connection closed by foreign host.

How do I go about fixing this again?   I'd like the fix to be server wide, so I'd want to put this in my httpd.conf file?

RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule .* - [R=405,L]
RewriteRule ^[^/] - [R=403,L]

I'm currently redirecting all http traffic to the https version of my site using this in .htaccess files:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R]

I'd like to add that to make it server wide as well I think.   Just gotta figure out where to put it in the httpd.conf file (or the vhosts .conf files).   I use cPanel / WHM and EasyApache so it makes things much harder to figure out.


On Fri, Feb 12, 2016 at 12:33 AM, Toomas Aas <toomas.aas@xxxxxxxxxxx> wrote:

On 02/12/2016 03:38 AM, Spork Schivago wrote:

Sorry to put in here, but is there away for me to test to see if my
server is affected by this OPTIONS issue?


Testing is easy. Just telnet to port 80 of your server, type "OPTIONS / HTTP/1.0" and press Enter twice.

$ telnet www.yoursite.com 80
Trying 12.34.56.78...
Connected to www.yoursite.com.
Escape character is '^]'.
OPTIONS / HTTP/1.0

HTTP/1.0 200 OK
Allow: OPTIONS, GET, HEAD, POST
Content-Length: 0
Connection: close
Date: Fri, 12 Feb 2016 05:29:26 GMT
Server: Apache

If you see the "200 OK" response, you are affected

--
Toomas Aas | support engineer
www.reach-u.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux