Re: Block access to "OPTIONS *"

The typical way to block OPTIONS in 2.2 does not need mod_rewrite at all IIRC. You just add this in your location/directory:
        <LimitExcept GET POST>
                deny from all
        </LimitExcept>

and it will return 403 if you try the OPTIONS method there.

On Fri., 12 Feb. 2016 at 7:41, Spork Schivago (<sporkschivago@xxxxxxxxx>) wrote:
Thank you. I do see the 200 OK response.

OPTIONS / HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 12 Feb 2016 06:35:33 GMT
Server: Apache
Allow: GET,HEAD,POST,OPTIONS
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Content-Length: 0
Connection: close
Content-Type: text/html

Connection closed by foreign host.

How do I go about fixing this again? I'd like the fix to be server wide, so I'd want to put this in my httpd.conf file?


RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule .* - [R=405,L]
RewriteRule ^[^/] - [R=403,L]

I'm currently redirecting all http traffic to the https version of my site using this in .htaccess files:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R]

I'd like to add that to make it server wide as well I think. Just gotta figure out where to put it in the httpd.conf file (or the vhosts .conf files). I use cPanel / WHM and EasyApache so it makes things much harder to figure out.


On Fri, Feb 12, 2016 at 12:33 AM, Toomas Aas <toomas.aas@xxxxxxxxxxx> wrote:

On 02/12/2016 03:38 AM, Spork Schivago wrote:

Sorry to put in here, but is there a way for me to test to see if my
server is affected by this OPTIONS issue?


Testing is easy. Just telnet to port 80 of your server, type "OPTIONS / HTTP/1.0" and press Enter twice.

$ telnet www.yoursite.com 80
Trying 12.34.56.78...
Connected to www.yoursite.com.
Escape character is '^]'.
OPTIONS / HTTP/1.0

HTTP/1.0 200 OK
Allow: OPTIONS, GET, HEAD, POST
Content-Length: 0
Connection: close
Date: Fri, 12 Feb 2016 05:29:26 GMT
Server: Apache

If you see the "200 OK" response, you are affected.

--
Toomas Aas | support engineer
www.reach-u.com
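A small probe that automates Toomas's telnet check and classifies the answer. This is an added example, not code from anyone in the thread; it adds a Host header the telnet test omits (an assumption, so name-based vhosts answer for the right site), and it calls a server "affected" exactly as the thread does: a 200 OK to OPTIONS.

```python
"""Probe a web server for the OPTIONS behaviour discussed in the thread.

Sends "OPTIONS / HTTP/1.0" the way the telnet test does and reports whether
the server answers 200 OK (the "affected" case) or refuses the method, as it
does after the LimitExcept block or the R=405 rewrite rule is in place.
"""
import socket
import sys


def parse_options_response(raw: bytes) -> dict:
    """Turn a raw HTTP response into status code, Allow methods and verdict."""
    normalized = raw.replace(b"\r\n", b"\n")
    head = normalized.split(b"\n\n", 1)[0]
    lines = head.decode("iso-8859-1").split("\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    allow = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "allow":
            allow = [m.strip().upper() for m in value.split(",") if m.strip()]
    # Toomas's rule: a 200 OK to OPTIONS means the method is still enabled.
    return {"status": status, "allow": allow, "affected": status == 200}


def probe_options(host: str, port: int = 80, timeout: float = 5.0) -> dict:
    """Send the same request the telnet test uses and classify the reply.

    A Host header is added (assumption: the telnet test omits it) so that
    name-based virtual hosts answer for the right site.
    """
    request = b"OPTIONS / HTTP/1.0\r\nHost: " + host.encode("ascii") + b"\r\n\r\n"
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_options_response(b"".join(chunks))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "www.yoursite.com"
    result = probe_options(target)
    verdict = "affected" if result["affected"] else "blocked"
    print(f"{target}: HTTP {result['status']} Allow={result['allow']} -> {verdict}")
```

Run it against your own host after adding the LimitExcept block; a 403 (or 405 from the rewrite rule) instead of 200 confirms the fix took effect server wide.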
