I actually don't have to perform the 'if' check regexp -- we register two handlers, one for accepted method, the other for unacceptable methods:

ns_register_filter preauth GET /* rp_handler
ns_register_filter preauth POST /* rp_handler
ns_register_filter preauth PUT /* rp_handler_other
ns_register_filter preauth HEAD /* rp_handler_other
ns_register_filter preauth DELETE /* rp_handler_other
ns_register_filter preauth TRACE /* rp_handler_other
ns_register_filter preauth OPTIONS /* rp_handler_other
ns_register_filter preauth CONNECT /* rp_handler_other


rp_handler_other handles "bad" methods. So I can go in and simplify the code :)

/s.

On Wednesday, January 22, 2003, at 05:08 PM, David Walker wrote:

How do you register this filter?
I have a list of methods I check for but I would prefer to watch for all that are not get/post/head

On Wednesday 22 January 2003 04:53 pm, Jerry Asher wrote:
Scott Goodwin wrote:
have the source code.

We use AOLserver for EMIS, which is not vulnerable. I've added extra
checking to the EMIS request processor 5 minutes ago to log any attempts
to use HTTP methods that we don't accept so we can identify attempts to
use TRACE. Here's the piece of code I added to do that:

# $http_method, $peer_addr and $request are set earlier in the request
# processor (e.g. from ns_conn method, ns_conn peeraddr and ns_conn request).
# The pattern is anchored so that only an exact GET, POST or HEAD passes;
# an unanchored {get|post|head} would also accept any method merely
# containing one of those words.
if {! [regexp -nocase {^(get|post|head)$} $http_method]} {
    ns_log warning "BAD HTTP METHOD: $http_method from $peer_addr: HTTP REQ=$request"
    ns_return 403 text/html [ns_adp_parse -file /emis/pages/errors/errorframe.adp 403]
    return filter_return
} else {
    ns_log notice "$http_method request for $request from $peer_addr"
}

This is a good idea.

You may wish to change this to return a TRACE specific error message
that mentions this exploit. That way the user will be alerted to
dubious activity on his machine.

Jerry

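The two-handler layout from the top of the thread, written out in full as an added example (not code from the thread or from EMIS). It assumes AOLserver's ns_conn, ns_log, ns_set, ns_return and ns_register_filter commands; the proc names rp_handler and rp_handler_other follow the thread, and it answers with 405 plus an Allow header instead of the thread's 403.

```tcl
# Added example, not code from the thread. Assumes the AOLserver Tcl API
# (ns_conn, ns_log, ns_set, ns_return, ns_register_filter).

# Filter for the methods the request processor is willing to serve:
# record the request and let it through.
proc rp_handler {why} {
    ns_log notice "[ns_conn method] request for [ns_conn request] from [ns_conn peeraddr]"
    return filter_ok
}

# Filter for every other method: log it as suspicious and refuse it
# before any page runs, so a TRACE request is never echoed back.
proc rp_handler_other {why} {
    set method [ns_conn method]
    ns_log warning "BAD HTTP METHOD: $method from [ns_conn peeraddr]: HTTP REQ=[ns_conn request]"
    # 405 rather than 403: the Allow header tells a legitimate client
    # which methods this server does accept.
    ns_set put [ns_conn outputheaders] Allow "GET, POST, HEAD"
    ns_return 405 text/plain "Method $method not allowed"
    # filter_return stops further processing of this request.
    return filter_return
}

# A filter only runs for the methods it is registered for, so every
# method that should be refused has to be listed explicitly.
set accepted {GET POST HEAD}
set refused  {PUT DELETE TRACE OPTIONS CONNECT}

foreach m $accepted {
    ns_register_filter preauth $m /* rp_handler
}
foreach m $refused {
    ns_register_filter preauth $m /* rp_handler_other
}
```

Because registration is per method, a method not in either list is simply handled by the server's default behaviour, so the refused list is the part to keep complete.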