Re: Disable TRACE HTTP method on Apache 1.3.33

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

try this...


http://httpd.apache.org/docs/1.3/mod/core.html#limit

<Limit TRACE>
Deny from all
</Limit>


p


Yaniv Ofer wrote:
Hello 
Our application is running over Apache 1.3.33.
As a result of a failed security test, we have been asked to disable the TRACE HTTP method on our Apache Server.
Could you please refer me to a configuration/patch/fix that would disable the TRACE HTTP method for Apache 1.3.33 Server? 

Our Server should refuse the following HTTP TRACE request:

==========================================================

TRACE /inbox?Uid=379%2D100 HTTP/1.1

Host: 172.17.129.61:50084

==========================================================

Our current server replies with 200 OK for that request.

Thanks

 Ofer




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux