<LimitExcept GET POST> not working

Dear list,

I have tested my webserver (openSUSE 11; apache2-2.2.8-28.4) with nikto. I have found:

```
+ Server: Apache
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.2.9
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 4347 items checked: 5 item(s) reported on remote host
+ End Time:        2010-01-03 17:56:35 (2228 seconds)
```

To block TRACE I have added the following in the httpd.conf folder:


```
<Directory /srv/www/htdocs/>
    # Prevents TRACE from allowing attackers to find a
    # path through cache or proxy servers.
    <LimitExcept GET POST>
        deny from all
    </LimitExcept>
</Directory>
```

After restarting Apache, nikto is still able to find TRACE. I have a number of VHOSTs, hence rather than .htaccess I would like to add it in httpd.conf. What am I missing here? How can I prevent the other info as well, like the PHP header, the icons/ folder, etc.? I will be grateful if anyone can kindly advise me.

Thanks


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
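
An added example, not part of the original post: the Apache documentation for `<Limit>`/`<LimitExcept>` notes that TRACE cannot be limited by those sections and points to `TraceEnable` instead, which is why the posted block has no effect on the nikto TRACE finding. The sketch below places the posted block beside server-level settings for the reported items; the icons directory path is a placeholder (assumption), since the page does not give it.

```apache
# --- As posted: restricts other methods under the docroot, but TRACE is
# --- answered by the core before <Limit>/<LimitExcept> is consulted.
<Directory /srv/www/htdocs/>
    <LimitExcept GET POST>
        deny from all
    </LimitExcept>
</Directory>

# --- OSVDB-877 (TRACE): set at server level, outside any <Directory>.
# --- TraceEnable is valid in server config and <VirtualHost> context only
# --- and is available in the 2.2 series; virtual hosts that do not set it
# --- themselves use the main server's value.
TraceEnable off

# --- OSVDB-3268 (directory indexing on /icons/): turn off Indexes on the
# --- directory the /icons/ alias maps to.
# --- "/path/to/apache/icons" is a placeholder; use the target of the
# --- distribution's "Alias /icons/ ..." line.
<Directory "/path/to/apache/icons">
    Options -Indexes
</Directory>

# --- OSVDB-0 (X-Powered-By: PHP/...): this header is emitted by PHP, not by
# --- Apache. It is controlled in php.ini, not here:
#       expose_php = Off
```

After a restart, a TRACE request to the server should be answered with 405 Method Not Allowed, which can be confirmed with `curl -i -X TRACE http://localhost/` before re-running the scan.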

