httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject [users@httpd] Re: {SPAM 02.7} [users@httpd] HTTP TRACE with Apache 1.3.29
Date Thu, 18 Mar 2004 14:49:31 GMT

On Thu, 18 Mar 2004, Thiago Anderson wrote:
> i edit my httpd.conf and include the lines:
>     RewriteEngine on
>     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>     RewriteRule .* - [F]
> and
> in virtual hosts i add this line too...
> but i scan the server with nessus i see the message again...

1. TRACE is not a real vulnerability.  See the archives of this list or
for example.  So I wouldn't waster your time with this.

2. Don't trust your scanner.  Try a manual TRACE request using telnet and
see if it suceeds.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message