Hi List
Nessus Cross-Site Tracing issues http(80/tcp).
I have tried disabling trace/track within my Linux SLES 9, Apache 2 I
run numerous virtual hosts So I have the following Rewrite rules in my
Virtual hosts containers. My mod_rewrite.c are statically built when I
configured my Apache 2 So I am not using DSO.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
An example of one of my virtual hosts below::
## company.my.co.uk
##
<VirtualHost *:80>
ServerName company.my.co.uk
ErrorLog /var/log/company.my.co.uk-error_log
TransferLog /var/log/company.my.co.uk-access_log
<IfModule mod_rewrite.c>
RewriteEngine On
## # the following needs to be writeable by Apache
## ## every other URL is fetched from Zope
RewriteRule .* - [F]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule ^/(.*)
http://server.my.co.uk:7080/VirtualHostBase/http/company.my.co.uk:80/live_company_com/VirtualHostRoot/$1
[P,L]
# ca add
</IfModule>
</VirtualHost>
After stopping and restarting apache and then Nessuss I still get http(80/tcp)
Warnings.
What else is there to fix this issue.
Cheers
--
Unix/ Linux Systems Administrator
Chuck Amadi
The Surgical Material Testing Laboratory (SMTL),
Princess of Wales Hospital
Coity Road
Bridgend,
United Kingdom, CF31 1RQ.
Email chuck.smtl.co.uk
Tel: +44 1656 752820
Fax: +44 1656 752830
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
