httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r1302855 - /httpd/httpd/trunk/docs/manual/mod/core.xml
Date Tue, 20 Mar 2012 12:08:25 GMT
Author: jim
Date: Tue Mar 20 12:08:25 2012
New Revision: 1302855

URL: http://svn.apache.org/viewvc?rev=1302855&view=rev
Log:
Note that TRACE is not a vuln

Modified:
    httpd/httpd/trunk/docs/manual/mod/core.xml

Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1302855&r1=1302854&r2=1302855&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml Tue Mar 20 12:08:25 2012
@@ -4201,6 +4201,13 @@ certain events before failing a request<
     <code>Transfer-Encoding: chunked</code> is used).  The core will
     reflect the full headers and all chunk headers with the response
     body.  As a proxy server, the request body is not restricted to 64k.</p>
+
+    <note><title>Note</title>
+    <p>Despite claims to the contrary, <code>TRACE</code> is not
+    a security vulnerability and there is no viable reason for
+    it to be disabled. Doing so necessarily makes your server
+    non-compliant.</p>
+    </note>
 </usage>
 </directivesynopsis>
 



Mime
View raw message