Check your Apache version/change log. The newest Apache versions (1 & 2) have a configuration option specifically for switching off TRACE requests. It seems that a side-effect of this update is that the old mod_rewrite method does not work.


On 5/4/06, George A. Theall < [EMAIL PROTECTED]> wrote:
On Thu, May 04, 2006 at 10:46:55AM +0100, Chuck Amadi Systems
Administrator wrote:

> I have tried disabling trace/track within my Linux SLES 9, Apache 2

You might get a better response by posting to an Apache-related forum in
this case.

> I run numerous virtual hosts, so I have the following Rewrite rules in my
> Virtual hosts containers.
...
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE
> RewriteRule .* - [F]

Seems like that should work, but I'm not a mod-rewrite guru.

> An example of one of my virtual hosts below:
...
> RewriteEngine On
> ## # the following needs to be writeable by Apache
> ## ## every other URL is fetched from Zope
> RewriteRule .* - [F]

I must be missing something, but doesn't this cause all requests to
return a 403 Forbidden message?

> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> RewriteRule ^/(.*) http://server.my.co.uk:7080/VirtualHostBase/http/company.my.co.uk:80/live_company_com/VirtualHostRoot/$1 [P,L]

And here you pass any TRACE / TRACK requests through to the proxy rather
than disable them.

George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
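
The ordering problem raised in the reply above (a RewriteCond only applies to the RewriteRule that immediately follows it) can be checked mechanically. This is an added example, not part of the original thread: a small Python audit that pairs each condition with the rule it actually guards. The sample configs, the backend.example host and the helper name audit_rewrite are constructed for illustration, and the check is a heuristic over the common one-line directive form.

```python
import re

# Constructed sample reproducing the directive order quoted in the thread
# (backend.example is a placeholder host, not from the original post).
BROKEN_VHOST = """\
RewriteEngine On
RewriteRule .* - [F]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule ^/(.*) http://backend.example:7080/$1 [P,L]
"""

# Same directives with the condition placed directly before the [F] rule.
FIXED_VHOST = """\
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
RewriteRule ^/(.*) http://backend.example:7080/$1 [P,L]
"""

MATCH_ALL = {".*", "^.*", "^.*$", "^"}  # patterns that match every URL

def audit_rewrite(config_text):
    """Hypothetical helper: return [(line_number, finding), ...]."""
    findings = []
    pending = []  # RewriteCond lines waiting for the next RewriteRule
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            pending.append((parts[1], parts[2]))
        elif directive == "rewriterule" and len(parts) >= 3:
            flags = parts[3].strip("[]").upper().split(",") if len(parts) > 3 else []
            forbids = "F" in flags or "FORBIDDEN" in flags
            # A non-negated REQUEST_METHOD condition that matches TRACE or TRACK.
            trace_cond = any("REQUEST_METHOD" in test and not pat.startswith("!")
                             and re.search(r"TRAC[EK]", pat, re.I)
                             for test, pat in pending)
            if forbids and not pending and parts[1] in MATCH_ALL:
                findings.append((lineno, "unconditional [F]: every request gets 403"))
            if trace_cond and not forbids:
                findings.append((lineno, "TRACE/TRACK condition guards a non-[F] rule"))
            pending = []  # conditions apply only to the rule right after them
    return findings

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN_VHOST), ("fixed", FIXED_VHOST)):
        print(name, audit_rewrite(cfg))
```

Apache's core `TraceEnable Off` directive, on releases that include it, disables TRACE without depending on rewrite rule order.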
