Excellent feedback. Thank you!

I was unaware of the TraceEnable method. I must have
read over it :(

I agree, it's not really dangerous anymore, but it's
something that should be considered when applying a
defense-in-depth strategy.

Thanks again for the prompt reply!

--- Joshua Slive <[EMAIL PROTECTED]> wrote:

> On 2/10/06, Richard de Vries <[EMAIL PROTECTED]> wrote:
> > Hey all,
> >
> > I configured a couple of mod_rewrite directives in the
> > main configuration file to disable the TRACE/TRACK
> > methods. However, these rules do not seem to make it
> > into the HTTPS instance; even though I put them in the
> > main config, and not in the virtual hosts.
> >
> > # Disable/Block TRACE/TRACK requests.
> > RewriteEngine on
> > RewriteOptions inherit
> > RewriteLog logs/mod_rewrite.log
> > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> > RewriteRule .* - [F]
> >
> > I was hoping to not have to explicitly put these rules
> > in the SSL's config, to keep things clean and simple.
>
> 1. You are wasting your time because the TRACK method doesn't even
> exist in Apache and the TRACE method is not dangerous.
>
> 2. If you really want to waste your time, then use a recent version of
> apache that has the TraceEnable directive to solve this "problem".
>
> 3. If you must use mod_rewrite, then put
> RewriteEngine On
> RewriteOptions inherit
> inside the <VirtualHost> block for your ssl vhost.
> 
> Joshua.
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
>    "   from the digest:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 
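
The two options from the reply above, laid out as an added Apache configuration example that is not part of the original thread. The virtual host address and ServerName are placeholders, and option A assumes an httpd version that ships the TraceEnable directive.

```apache
# Added example; not from the original messages.

# --- Option A: core directive (needs a version that has TraceEnable) ---
# Set once in the main server config. Virtual hosts that do not set
# TraceEnable themselves use this value, so the SSL vhost is covered.
TraceEnable off

# --- Option B: mod_rewrite ---
# Rules in the main server config apply to the main server only.
# A <VirtualHost> does not pick them up by default.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

# Placeholder SSL virtual host; existing SSL directives stay as they are.
<VirtualHost _default_:443>
    ServerName www.example.com

    # Without these two lines the rules above are not evaluated here,
    # which is the behaviour described in the original question.
    RewriteEngine On
    RewriteOptions inherit
</VirtualHost>
```

To check the HTTPS instance, send it a TRACE request: with `TraceEnable off` the server answers 405, and with the rewrite rule in effect it answers 403.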

