According to CERT, the way to disable this is (see
http://www.kb.cert.org/vuls/id/867593):
Use the Apache mod_rewrite module to deny HTTP TRACE requests or to
permit only the methods needed to meet site requirements and policy.
TRACE requests can be disabled with the following mod_rewrite syntax:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
Mark Post
-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Manuela Vorazzo
Sent: Wednesday, May 24, 2006 10:29 AM
To: [email protected]
Subject: Disable Method TRACE
I would like to disable http method TRACE from my apache webserver on
z/linux (we have apache 2.2 not IBM http server powered by apache!)
I tried with these directives but it seems that it doesn't work.
<Directory />
Options -Indexes
AllowOverride All
Allow from all
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
I've but these inside my virtual host section before a Proxypass
directive.
On IBM HttpServer on Z/OS I can specify the following:
Disable TRACE.
Any ideas????
Please let me know.
Thanks a lot
manuciao
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
