httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] [2.0] Better way to control TRACE and TRACK
Date Wed, 20 Jul 2005 13:02:48 GMT
On 7/20/05, Karasulu, Alex <akarasulu@citistreetonline.com> wrote:
> In Apache 1.3 TraceEnable off was a valid option but it does not seem to
> be carried into 2.0?

TraceEnable was added only very recently to 1.3 and in fact is not in
any released version.  Although it can be used to disable TRACE, its
main purpose is actually to enable extended TRACEing for debugging
purposes.  It will probably make it into 2.0 in the near future.

> 
> The only option available is a rewrite which has to go into 100's of our
> virtual host files and this means:
> 
> 1. Allot of work
> 2. Dealing with mod rewrite
> 
> Here's what we do today to get around not having TraceEnable in 2.0:
> 
>         RewriteEngine on
>         ReWriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>         ReWriteRule .* - [F]

Obviously you're reading some garbage suggestion from a silly security
scanner, since apache httpd has no "TRACK" method.

Really, you are wasting your time with this.  For some reasonable
information see:
http://www.apacheweek.com/issues/03-01-24#news

But to directly answer your question, no there is no other method that
I know of to restrict TRACE in apache httpd.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message