httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Cossette <pcosse...@aei.ca>
Subject Re: [users@httpd] Disabling HTTP methods
Date Tue, 26 Oct 2004 19:16:41 GMT
At (14:26) 26-10-2004, you wrote:
>Scanning vulnerabilities in a server I've found:
>
>Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, 
>PATCH, PROPFIND, PROPPATCH, MKCOL,
>COPY, MOVE, LOCK, UNLOCK, TRACE
>
>How can be disabled a particular method, like DELETE or TRACE?
>
>I've talking about a server running APACHE 1.31 on Linux
>
>Thanks

I put the following in httpd.conf of my web server to restrict some 
dangerous methods:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
</IfModule>

Bye. 
Mime
View raw message