httpd-users mailing list archives

From <Burc...@koc.net>
Subject RE: [users@httpd] Apache Security
Date Wed, 04 Jun 2003 14:15:04 GMT

	Hello, 

	I just added, 

	RewriteEngine On
	RewriteCond %{REQUEST_METHOD} ^TRACE
	RewriteRule .* - [F]

	these lines to httpd.conf, restarted Apache and scanned again.  That's all. 

	 What kind of details do you need? 

	Regards, 

	BO

	

-----Original Message-----
From: Joshua Slive [mailto:joshua@slive.ca] 
Sent: 04 June 2003 Wednesday 16:58
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache Security 



On Wed, 4 Jun 2003 BurcinO@koc.net wrote:

> Hello,
>
> I want to ask something about Apache security,
>
> When we scan Apache webservers with ISS, we found Http_Trace Vulnerability. Details were given at the http://www.kb.cert.org/vuls/id/867593 address,
> When I apply that solution for this vulnerability, it worked for 2 systems. But it didn't work on other servers with the same configuration.
>
> Any suggestions regarding this problem?

This is not a real vulnerability.  Read the extended bugtraq discussion on
HTTP TRACE from a while back for the details.  So I would just ignore it.

If you really want to restrict TRACE, then you'll need to give us more
details on exactly what you tried and how you know it isn't working.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
 