httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "slipmode" <>
Subject [users@httpd] TRACE feature
Date Thu, 28 Aug 2003 16:39:00 GMT

I read this paper describing the vulnerabilities of running TRACE on
It does not mention the exact method of disabling TRACE from apache. It
mentions a modification to the source code which I cannot find.

Is there a specific need to run TRACE on production servers and how can
it be removed? It seems most distros use TRACE by default. RedHat,
Slackware and Gentoo I know use it. Is there any not running it? This
article implies that there is.
slipmode <>

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message