On 07/15/2016 08:17 AM, Zeal Vora wrote: > Hi > > In our Internal VA, Vulnerability Assessment tools generates the HTTP TRACE / > TRACK method in IPA as a medium based vulnerability. > > Is there a need to allow those two methods in IPA ? > > If not, what is the optimal way to disable those methods ? > > > Thanks, > Zeal
Hello Zeal, I think it should be safe disabling these methods in FreeIPA Apache configuration - I do not think FreeIPA uses them. I added your remark to https://fedorahosted.org/freeipa/ticket/4431 This is where we plan to harden the FreeIPA Apache instance. If you have any other ideas that were not captured in the ticket yet, please feel free to share them with us! Thanks, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
