httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "slipmode" <slipm...@qwest.net>
Subject [users@httpd] TRACE feature
Date Thu, 28 Aug 2003 16:39:00 GMT
Hello

I read this paper describing the vulnerabilities of running TRACE on
apache. http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf
It does not mention the exact method of disabling TRACE from apache. It
mentions a modification to the source code which I cannot find.

Is there a specific need to run TRACE on production servers and how can
it be removed? It seems most distros use TRACE by default. RedHat,
Slackware and Gentoo I know use it. Is there any not running it? This
article implies that there is.
-- 
slipmode <slipmode@qwest.net>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message