Re: [users@httpd] Disable TRACE HTTP method on Apache 1.3.33

Pid Tue, 13 Feb 2007 03:30:06 -0800

try this...


http://httpd.apache.org/docs/1.3/mod/core.html#limit

<Limit TRACE>
Deny from all
</Limit>


p


Yaniv Ofer wrote:

Hello
Our application is running over Apache 1.3.33.
As a result of a failed security test, we have been asked to disable theTRACE HTTP method on our Apache Server.
Could you please refer me to a configuration/patch/fix that woulddisable the TRACE HTTP method for Apache 1.3.33 Server?
Our Server should refuse the following HTTP TRACE request:

==========================================================

TRACE /inbox?Uid=379%2D100 HTTP/1.1

Host: 172.17.129.61:50084

==========================================================

Our current server replies with 200 OK for that request.

Thanks

 Ofer



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [users@httpd] Disable TRACE HTTP method on Apache 1.3.33

Reply via email to