https://issues.apache.org/bugzilla/show_bug.cgi?id=50328
mishra <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WORKSFORME | --- Comment #5 from mishra <[email protected]> 2010-11-29 12:45:13 EST --- (In reply to comment #4) > The test of your security scanner is wrong. It should do something like > > TRACE / HTTP/1.0 > Host: foo > X-Secret: Any text entered here will be echoed back in the response What do see from a working Apache 2.2.x server with TraceEnable off, if you send them this data: I get the following results: Escape character is '^]'. TRACE / HTTP/1.0 Host: foo X-Secret: Any text entered here will be echoed back in the response HTTP/1.1 302 Found Date: Mon, 29 Nov 2010 17:29:24 GMT Server: Apache Location: https://apachewebserver-2.2.17.host.server.com/ Content-Length: 214 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://apachewebserver-2.2.17.host.server.com/";>here</a>.</p> </body></html> Connection closed by foreign host. I get the exact same output if I use "TraceEnable On" Again, I don't see the difference if TraceEnable is on or if TraceEnable is off in Apache 2.2.x (2.2.17 in this case). I think you said it WORKSFORME: Can you please provide the output and difference of using TraceEnable on vs TraceEnable off. If it works for you, then there should be some difference in the output to indicate the TraceEnable function is actually working. Also, are you putting the directive in the httpd.conf or in the extra/httpd-vhosts.conf, in either place for me it does not work or make a difference in the output. Thanks. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
