httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] The "Limit" Directive and TRACE
Date Fri, 24 Jan 2003 20:56:47 GMT

On Fri, 24 Jan 2003, Ben Ricker wrote:

> I am trying to fortify a web server running Apache 1.3.27 against
> cross-site scripting (see
> http://www.extremetech.com/article2/0,3973,841047,00.asp for more
> information).
>
> The problem is that I am trying to disallow the use of TRACE using the
> LIMIT directive.

See:
http://www.apacheweek.com/issues/03-01-24#news

I suspect (though I haven't tested) you could also use
SetEnvIf Request_Method TRACE trace_request
Order allow,deny
allow from all
deny from env=trace_request

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message