httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 50328] TraceEnable off : Directive: In apache 2.2.x does not work
Date Wed, 24 Nov 2010 16:51:48 GMT

mishra <> changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

--- Comment #2 from mishra <> 2010-11-24 11:51:46 EST ---
(In reply to comment #1)
> You send a request that is syntactically malformed HTTP, you get a 400
> response.
> If you need clarification of that, please use a user support forum.

Our security scans are showing that TRACE is enabled on our apache server.
I have read documentation that this method was a way to manually test it.

Are you saying that TraceEnable off  is working correctly?

Is it or is it not suppose to return METHOD NOT ALLOWED?

How do you propose testing the TraceEnable feature if the following is not
the way to do it:

Host: foo
Any text entered here will be echoed back in the response

Why was I able to get the text echoed back if the TraceEnable off is working?
Where was the METHOD NOT ALLOWED response.

I looked at the http_filters.c and it showed that with TraceEnable off, I
get return information as such:
                      "TRACE denied by server configuration");

But I am not getting that, either are our security scans.
It does not seem like TraceEnable off directive is working correctly.

Please test this and advise?


Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message