What is HTTP TRACE?
'TRACE' is an HTTP request method used for debugging which echoes input back to the user. Jeremiah
Grossman from Whitehatsec
a risk allowing an attacker to steal information including Cookies, and possibly website credentials.
suggests the following solution to disable the HTTP TRACE method by using
mod_rewrite.
"TRACE requests can be disabled by making a change to the Apache server configuration.
Unfortunately it is not possible to do this using the Limit directive since the processing for the
TRACE request skips this authorisation checking. Instead the following lines can be added which make
use of the mod_rewrite module.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
" - www.apacheweek.com
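
One way to confirm the rule took effect on a server you administer, as an added example that is not from the original page or from Apacheweek: it sends a single TRACE request and reports whether the request was echoed back (and whether a Cookie or Authorization header came back with it) or refused. The X-Trace-Check header name, the canary value and both sample responses are constructed for illustration.

```python
import http.client

SENSITIVE = {"cookie", "authorization"}   # reflection of these is the real risk
CANARY = "trace-check-7f3a"               # constructed marker value

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers, body

def classify(status, headers, body, canary=CANARY):
    """Return (verdict, sensitive header names echoed in the body)."""
    echoed = {l.partition(":")[0].strip().lower()
              for l in body.split("\r\n")[1:] if ":" in l}
    if status == 200 and (canary in body or
            headers.get("content-type", "").lower().startswith("message/http")):
        return "enabled", sorted(echoed & SENSITIVE)
    if status in (403, 405, 501):     # RewriteRule ... [F] answers 403
        return "blocked", []
    return "inconclusive", []

def probe(host, port=80):
    """Send one TRACE to a server you administer and classify the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        # X-Trace-Check is a hypothetical header used only to carry the canary.
        conn.request("TRACE", "/", headers={"X-Trace-Check": CANARY})
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return classify(resp.status, headers, resp.read(65536).decode("latin-1"))
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
ECHOED = ("HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
          "TRACE / HTTP/1.1\r\nHost: www.example.test\r\n"
          f"X-Trace-Check: {CANARY}\r\nCookie: session=constructed\r\n\r\n")
REFUSED = ("HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
           "<h1>Forbidden</h1>")

if __name__ == "__main__":
    print("rule absent: ", classify(*parse_response(ECHOED)))
    print("rule present:", classify(*parse_response(REFUSED)))
```

A verdict of "blocked" with status 403 is what the [F] flag in the RewriteRule produces; "inconclusive" usually means something in front of the server answered the request instead.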
Additional information can be found at the links below.