httpd-users mailing list archives

From Gene LeDuc <>
Subject Re: [users@httpd] Upgrade Apache 2.0.46 to 2.0.59 (on RHEL3.9 )
Date Mon, 15 Sep 2008 16:43:12 GMT
Hi Hugh,

Before I discovered TraceEnable, I found something on the web that showed 
how to block TRACE using mod_rewrite.  Here's what I got to work (assuming 
that your install was compiled with --enable-rewrite):

Include the following lines in your httpd.conf file in a "server" 
configuration area (near other <IfModule>...</IfModule> blocks would 
probably be appropriate):
<IfModule rewrite_module>
   RewriteEngine On
   # Answer TRACE requests with 403 Forbidden
   RewriteCond %{REQUEST_METHOD} ^TRACE
   RewriteRule .* - [F]
</IfModule>

Include the following lines in every virtual host definition
block (<VirtualHost>...</VirtualHost>):
<IfModule rewrite_module>
   RewriteEngine On
   RewriteOptions Inherit
</IfModule>

Repeat the above step for any SSL virtual host definitions.

It's a pain if you have a lot of vhosts.


At 08:16 PM 9/14/2008, Hugh E Cruickshank wrote:
>Apache 2.0.46 on RHEL3.9
>Hi All:
>For security reasons it looks like I may need to upgrade the Apache
>httpd software on one of my production servers. The server in
>question is currently running RHEL3 Update 9 which includes Apache
>2.0.46. I have been asked to disable the HTTP TRACE which appears
>to be enabled by default. I have located the TraceEnable config
>parameter but this appears to be only available in 2.0.55+. I have
>checked the Apache site and they have an RPM available for 2.0.59.
>I am hesitant to upgrade a production server with other than Red Hat
>supplied and tested packages for the primary server components. I
>do not mind doing this for add-ons and utilities but not something
>as key as the web server software.
>My questions are:
>1. Is this really required or can I disable the HTTP TRACE using
>    another method?
>2. Has anyone done this type of upgrade and did you encounter any
>    problems?
>Any additional comments or suggestions welcome.
>Regards, Hugh
>Hugh E Cruickshank, Forward Software,
>The official User-To-User support forum of the Apache HTTP Server Project.

Gene LeDuc, GSEC
Security Analyst
San Diego State University 
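
Added example, not part of the original message: since the rewrite rule has to be inherited by hand in every virtual host, a small audit script can confirm the server-level TRACE rule is present and list the vhosts that neither inherit it nor define their own. The sample configuration, host names and function names are constructed for illustration, and the script assumes a single flat httpd.conf.

```python
import re

# Constructed sample config for illustration; not from the original message.
SAMPLE_CONF = """\
<IfModule rewrite_module>
   RewriteEngine On
   RewriteCond %{REQUEST_METHOD} ^TRACE
   RewriteRule .* - [F]
</IfModule>
<VirtualHost *:80>
   ServerName www.example.test
   RewriteEngine On
   RewriteOptions Inherit
</VirtualHost>
<VirtualHost *:443>
   ServerName secure.example.test
</VirtualHost>
"""

def has_trace_rule(lines):
    """True if rewriting is on and a TRACE RewriteCond directly guards an [F] rule."""
    return "rewriteengine on" in lines and any(
        re.match(r"rewritecond %\{request_method\} \S*trace", cond)
        and re.match(r"rewriterule \S+ - \[[^\]]*\bf\b", rule)
        for cond, rule in zip(lines, lines[1:]))

def audit_trace_block(conf):
    """Return (server_rule_ok, names of vhosts that neither inherit nor define it)."""
    # Assumption: one flat file; files pulled in with Include are not followed.
    server, vhosts, current = [], [], None
    for raw in conf.splitlines():
        line = " ".join(raw.split()).lower()   # normalise spacing and case
        if not line or line.startswith("#"):
            continue
        if line.startswith("<virtualhost"):
            current = {"name": line[12:].strip(" >"), "lines": []}
            vhosts.append(current)
        elif line.startswith("</virtualhost"):
            current = None
        elif current is None:
            server.append(line)
        else:
            if line.startswith("servername "):
                current["name"] = line.split(None, 1)[1]
            current["lines"].append(line)
    server_ok = has_trace_rule(server)
    inherits = {"rewriteengine on", "rewriteoptions inherit"}
    missing = [v["name"] for v in vhosts if not (has_trace_rule(v["lines"])
               or (server_ok and inherits <= set(v["lines"])))]
    return server_ok, missing
```

For the constructed sample, `audit_trace_block(SAMPLE_CONF)` reports the server rule as present and flags the port 443 vhost, which has no `RewriteOptions Inherit`. A server-level `RewriteRule .* - [F]` with no TRACE `RewriteCond` in front of it is reported as not OK, because it would refuse every request rather than only TRACE.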

