httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject TRACE considered harmfull (B***S$$$)
Date Wed, 11 May 2005 03:36:08 GMT
Well, reviewing Nessus reports this week has left me *very* pissed
off.  Has anyone assembled a list of all of the various client
browser identifiers that are too moronic to handle a TRACE request

It seems the rational thing to do is trip those browsers which can't 
handle a simple trace request and prevent THEM from invoking TRACE.

Problem solved.  Well, not quite.  My real solution can't be published
till April 1 2006 thought :)  Wish I thought of it two months ago :)

View raw message