On 2/10/06, Richard de Vries <richard_devries@xxxxxxxxx> wrote:
> Hey all,
>
> I configured a couple of mod_rewrite directives in the
> main configuration file to disable the TRACE/TRACK
> methods. However, these rules do not seem to make it
> into the HTTPS instance; even though I put them in the
> main config, and not in the virtual hosts.
>
> # Disable/Block TRACE/TRACK requests.
> RewriteEngine on
> RewriteOptions inherit
> RewriteLog logs/mod_rewrite.log
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> RewriteRule .* - [F]
>
> I was hoping to not have to explicitly put these rules
> in the SSL's config, to keep things clean and simple.
1. You are wasting your time because the TRACK method doesn't even
exist in Apache and the TRACE method is not dangerous.
2. If you really want to waste your time, then use a recent version of
apache that has the TraceEnable directive to solve this "problem".
3. If you must use mod_rewrite, then put
RewriteEngine On
RewriteOptions inherit
inside the <VirtualHost> block for your ssl vhost.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|