On 5/29/07, POLONKAI Gergely <polesz@xxxxxxxxxxxxxx> wrote:
Hi,
If I recall well, yuo can use the <Limit> option:
<Limit TRACE>
Deny all
</Limit>
No. Check the docs on <Limit>. It can't be applied to TRACE.
> Currently we are using Apache 2.0.46. On the 1.3.x version we always
> used the following mod_rewrite rule to disable the TRACE option:
>
> RewriteEngine on
> RewriteCond %{REQUEST_METHOD} ^TRACE
> RewriteRule .* - [F]
>
> When using these rules on Apache 2.0.46, TRACE is still possible.
> Beside the fact that the whole TRACK & TRACE
> "security issue" is not that interesting, I still wonder how TRACE can
> be disabled in Apache 2.0.46. I've also tried the TraceEnable option
> but that
> options seems to be supported in 2.0.55 and later only.
2.0.46 is REALLY outdated. You should upgrade. But the rewrite stuff you mentioned should work in any version. It is likely that you aren't putting it in the right part of the config file (for example, inside the relevant <VirtualHost>). Otherwise, use the RewriteLog to figure out what is happening. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|