Re: Upgrade Apache 2.0.46 to 2.0.59 (on RHEL3.9 )

Hi Hugh,

Before I discovered TraceEnable, I found something on the web that showed how to block TRACE using mod_rewrite. Here's what I got to work (assuming that your install was compiled with --enable-rewrite):

Include the following lines in your httpd.conf file in a "server" configuration area (near other <IfModule>...</IfModule> blocks would probably be appropriate):
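<IfModule mod_rewrite.c>
  # Apache 2.0.x <IfModule> matches the module file name; the
  # rewrite_module identifier form is only accepted from 2.1 on.
  RewriteEngine On
  # Refuse any request whose method starts with TRACE (403 Forbidden)
  RewriteCond %{REQUEST_METHOD} ^TRACE
  RewriteRule .* - [F]
</IfModule>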

Include the following lines in every virtual host definition block (<VirtualHost>...</VirtualHost>):
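<IfModule mod_rewrite.c>
  # mod_rewrite.c is the file-name form that 2.0.x expects
  RewriteEngine On
  # Pull the server-level rewrite rules into this virtual host
  RewriteOptions Inherit
</IfModule>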

Repeat the above step for any ssl virtual host definitions.

It's a pain if you have a lot of vhosts.

Regards,
Gene

At 08:16 PM 9/14/2008, Hugh E Cruickshank wrote:
Apache 2.0.46 on RHEL3.9

Hi All:

For security reasons it looks like I may need to upgrade the Apache
httpd software on one of my production servers. The server in
question is currently running RHEL3 Update 9 which includes Apache
2.0.46. I have been asked to disable the HTTP TRACE which appears
to be enabled by default. I have located the TraceEnable config
parameter but this appears to be only available in 2.0.55+. I have
checked the Apache site and they have an RPM available for 2.0.59.

I am hesitant to upgrade a production server with other than Red Hat
supplied and tested packages for the primary server components. I
do not mind doing this for add-ons and utilities but not something
as key as the web server software.

My questions are:

1. Is this really required or can I disable the HTTP TRACE using
   another method?

2. Has anyone done this type of upgrade and did you encounter any
   problems?

Any additional comments or suggestions welcome.

TIA

Regards, Hugh

--
Hugh E Cruickshank, Forward Software, www.forward-software.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


--
Gene LeDuc, GSEC
Security Analyst
San Diego State University
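
Added example (not part of either message in this thread): a Python check that sends one TRACE request per virtual host and reports whether it is echoed back or refused, to confirm that the rule reached every vhost after the RewriteOptions Inherit step. The status mapping, the X-Trace-Check header, the marker value and the connect_to parameter are assumptions of this example.

```python
import http.client

MARKER = "trace-check-constructed-marker"   # constructed value, echoed if TRACE is on
# 403 = mod_rewrite [F]; 405 = TraceEnable off; 501 = method not implemented
REFUSED = {403, 405, 501}

def check_trace(vhost, port=80, use_tls=False, connect_to=None, timeout=5):
    """Send TRACE / for one vhost; return (verdict, status).

    connect_to (assumed helper parameter) lets you test name-based vhosts
    on one address without DNS; the Host header still carries the vhost.
    """
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(connect_to or vhost, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"Host": vhost, "X-Trace-Check": MARKER})
        resp = conn.getresponse()
        status = resp.status
        ctype = (resp.getheader("Content-Type") or "").lower()
        body = resp.read(65536).decode("latin-1")
    finally:
        conn.close()
    # An enabled TRACE answers 200 with the request echoed as message/http
    if status == 200 and (ctype.startswith("message/http") or MARKER in body):
        return "enabled", status
    if status in REFUSED:
        return "blocked", status
    return "unclear", status

def audit_vhosts(vhosts, port=80, use_tls=False, connect_to=None):
    """Check every vhost name; a vhost missing the inherit step shows 'enabled'."""
    results = {}
    for name in vhosts:
        try:
            results[name] = check_trace(name, port, use_tls, connect_to)
        except (OSError, http.client.HTTPException) as exc:
            results[name] = ("error", str(exc))
    return results

if __name__ == "__main__":
    import sys
    for name, (verdict, detail) in audit_vhosts(sys.argv[1:]).items():
        print(f"{name}: TRACE {verdict} ({detail})")
```

Run it with the vhost names as arguments after each httpd.conf change; any name reported as "enabled" is a virtual host that did not pick up the rule.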
