Re: [users@httpd] Apache - TRACE vulnerability solution

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Swapan Gupta wrote:
> 
> I am using Apache 2.0.54 and trying out the suggested solution for the
> Http TRACE vulnerability as mentioned at
> using the mod_rewrite module and specifying the following lines in
> .htaccess file.

Whoops.  NO.  You can't play this game at the directory level, modify
your httpd.conf file.

TRACE never looks at your files, so it would never see your .htaccess
file.  It's an echo for christmas sake - not a vulnerability :)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux