httpd-users mailing list archives

From Joshua Slive <jos...@slive.ca>
Subject [users@httpd] Re: {SPAM 02.7} [users@httpd] HTTP TRACE with Apache 1.3.29
Date Thu, 18 Mar 2004 14:49:31 GMT

On Thu, 18 Mar 2004, Thiago Anderson wrote:
> I edit my httpd.conf and include the lines:
>
>     RewriteEngine on
>     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>     RewriteRule .* - [F]
>
> and
> in virtual hosts I add this line too...
>
> but I scan the server with Nessus I see the message again...

1. TRACE is not a real vulnerability.  See the archives of this list or
http://www.apacheweek.com/issues/03-01-24#news
for example.  So I wouldn't waste your time with this.

2. Don't trust your scanner.  Try a manual TRACE request using telnet and
see if it succeeds.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
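
The manual check suggested in point 2 of the reply, as an added example that is not part of the original message: it sends the same raw TRACE request one would type into telnet and classifies the reply, so the scanner's finding can be confirmed against your own server. The `X-Trace-Probe` header, the sample replies and the set of status codes treated as a refusal are assumptions made for this example; the `[F]` flag in the quoted rule answers with 403 Forbidden.

```python
import socket
import sys

MARKER = b"X-Trace-Probe: constructed-marker"  # hypothetical header used to spot the echo

# Constructed sample replies (not captured from a real server).
SAMPLE_BLOCKED = b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n<h1>Forbidden</h1>"
SAMPLE_ECHOED = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                 b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n" + MARKER + b"\r\n\r\n")

def send_trace(host, port=80, timeout=5.0):
    """Send one raw TRACE request, as typed into telnet, and return the raw reply."""
    request = (b"TRACE / HTTP/1.1\r\nHost: " + host.encode("ascii") + b"\r\n"
               + MARKER + b"\r\nConnection: close\r\n\r\n")
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(request)
        while True:
            data = conn.recv(4096)
            if not data:  # server closed the connection: reply is complete
                break
            chunks.append(data)
    return b"".join(chunks)

def classify(raw):
    """Return (status_code, verdict) for a raw reply to the TRACE probe."""
    head, _, body = raw.partition(b"\r\n\r\n")
    fields = head.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(fields) < 2 or not fields[0].startswith("HTTP/") or not fields[1].isdigit():
        return None, "unparseable reply"
    code = int(fields[1])
    if code == 200 and MARKER in body:
        # A working TRACE echoes the request, including our marker header.
        return code, "TRACE succeeded: request was echoed back"
    if code in (403, 405, 501):  # assumed refusal codes; [F] yields 403
        return code, "TRACE refused"
    return code, "inconclusive: read the reply by hand"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python trace_check.py your.own.server [port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
        print(classify(send_trace(sys.argv[1], port)))
    else:  # offline: run over the constructed samples
        print(classify(SAMPLE_BLOCKED))
        print(classify(SAMPLE_ECHOED))
```

Run it once against the main server name and once against each virtual host name, since the quoted rules were added in both places.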

