Swapan Gupta wrote: > > I am using Apache 2.0.54 and trying out the suggested solution for the > Http TRACE vulnerability as mentioned at > using the mod_rewrite module and specifying the following lines in > .htaccess file. Whoops. NO. You can't play this game at the directory level, modify your httpd.conf file. TRACE never looks at your files, so it would never see your .htaccess file. It's an echo for christmas sake - not a vulnerability :) --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx