Hi,
I want to disable the HTTP TRACE and DELETE methods to
be invoked on my webserver.
I checked on the Net, and found that mod_rewrite
should be enabled for this. So, I did the following in
httpd.conf, and recycled the Apache Server:
LoadModule rewrite_module
/usr/libexec/httpd/mod_rewrite.so
AddModule mod_rewrite.c
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</IfModule>
It does not help, and still TRACE is enabled:
vg0601f-dhcp86:~/Desktop rafi$ telnet test.serial.com
80
Trying xx.xx.xx.xx...
Connected to test.serial.com.
Escape character is '^]'.
TRACE / HTTP/1.0
Host: test.serial.com
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2007 17:32:02 GMT
Server: Apache/1.3.33 (Darwin) mod_ssl/2.8.24
OpenSSL/0.9.7i mod_jk/1.2.6
Connection: close
Content-Type: message/http
TRACE / HTTP/1.0
Host: test.serial.com
...
Connection closed by foreign host.
What am missing here? Any pointers on this are most
welcome.
Regards
Mohamed Rafi S
____________________________________________________________________________________
Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news,
photos & more.
http://mobile.yahoo.com/go?refer=1GNXIC
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
