[BlueOnyx:11128] Re: Unable to turn off trace or track

Richard Barker rc at probass.com
Wed Aug 8 13:16:15 -05 2012


Thank you, testing now.
RC
On 8/8/2012 1:58 PM, Michael Stauber wrote:
> Hi Richard,
>
>> I have this in my sitexx.include file and does not work
>>
>>    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
>>    RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
>>    RewriteCond %{REQUEST_METHOD} ^TRACK [OR]
>>    RewriteRule .* - [F]
>>
>>
>> TCP     80     http
>> Description: HTTP TRACE / TRACK Methods Allowed Synoposis: Debugging
>> functions are enabled on the remote web server. Impact: The remote
>> webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are
>> HTTP methods that are used to debug web server connections.
>>
>> TCP     443     https
>> Description: HTTP TRACE / TRACK Methods Allowed Synoposis: Debugging
>> functions are enabled on the remote web server. Impact: The remote
>> webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are
>> HTTP methods that are used to debug web server connections.
>>
> Create /etc/httpd/conf.d/trace.conf and put this line in it:
>
> TraceEnable off
>
> Then restart Apache: /etc/init.d/httpd restart
>
> That disabled it for all sites and there is no need for a mod_rewrite rule.
>
> I just tested that. But please note: Automated security scanners like
> Nessus or the like will still bitch about it, as they are often just a
> bunch of garbage.
>

-- 
+---------------------------------------------+
  Richard C. Barker Sr.
  CEO & President
  1-800-510-3139
  ProBass Networks Inc.
    http://www.probassnetworks.net
    http://www.probass.net
+---------------------------------------------+
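
A way to confirm the TraceEnable change from the client side rather than waiting for the next scan, as an added example that is not part of the original thread. The function names and the X-Trace-Check marker header are made up for this sketch; the host is taken from the command line.

```python
"""Added example: ask a web server how it answers TRACE and TRACK."""
import http.client
import sys

MARKER = "trace-check-7f3a"  # constructed value, only used to spot an echo


def probe_method(host, port, method, use_tls=False, timeout=5):
    """Send one request and return (status, echoed).

    A working TRACE reflects the request back in the response body, so
    echoed is True when our marker header shows up there.
    """
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request(method, "/", headers={"X-Trace-Check": MARKER})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        return resp.status, MARKER in body
    finally:
        conn.close()


def verdict(status, echoed):
    """Classify one probe result."""
    if 200 <= status < 300 and echoed:
        return "enabled"    # request was reflected: method is live
    if status >= 400:
        return "rejected"   # Apache documents 405 for TraceEnable off
    return "unclear"        # e.g. a redirect; check by hand


def check(host, port, method, use_tls=False):
    return verdict(*probe_method(host, port, method, use_tls))


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for port, tls in ((80, False), (443, True)):
        for method in ("TRACE", "TRACK"):
            try:
                print(port, method, check(host, port, method, tls))
            except OSError as exc:  # refused, timeout, TLS/certificate error
                print(port, method, "error:", exc)
```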