httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yvo van Doorn" <yvo.vando...@gmail.com>
Subject Re: [users@httpd] TRACE and Apache 2.x
Date Thu, 07 Jun 2007 08:11:39 GMT
On 5/29/07, Jeroen Vriezen <jeroen.vriezen@gmail.com> wrote:
> Hello,
>
> Currently we are using Apache 2.0.46. On the 1.3.x version we always used
> the following mod_rewrite rule to disable the TRACE option:
>
>  RewriteEngine on
>  RewriteCond %{REQUEST_METHOD} ^TRACE
>  RewriteRule .* - [F]
>
> When using these rules on Apache 2.0.46, TRACE is still possible. Beside the
> fact that the whole TRACK & TRACE
> "security issue" is not that interesting, I still wonder how TRACE can be
> disabled in Apache 2.0.46. I've also tried the TraceEnable option but that
> options seems to be supported in 2.0.55 and later only.
>
> Hope someone can point me in the right direction.
>
> Kind Regards,
>
> Jeroen.
>
>

Is there a good solid reason why you aren't using a newer version say
2.0.59? I could understand a reluctance to jump to 2.2.x but a version
jump within the 2.0.x doesn't seem to far fetched.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message