Here I believe you too have been forced by your Vulnerability Scanner to look for it :)
telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
TRACE / HTTP/1.0
HTTP/1.1 200 OK Date: Sat, 20 Oct 2015 20:39:36 GMT
Method - 1
Add this lines to your httpd.conf file.
RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F]
Method - 2
Applies: apache 1.3.x / apache 2.0.x Required apache module
Add the below mentioned line to your httpd.conf file
Normally you will have this enabled by default, but if you want to test if it is really enabled on your server you just have to telnet on the port your web server is running and request for “TRACE / HTTP/1.0” if you get a positive reply it means TRACE is enabled on your system. The output of a server with TRACE enabled will look like:
HTTP/1.1 200 OK Date: Sat, 20 Oct 2015 20:39:36 GMT
Disable HTTP TRACE Method for Apache.
Method - 1
Add this lines to your httpd.conf file.
RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F]
Method - 2
Applies: apache 1.3.x / apache 2.0.x Required apache module
Add the below mentioned line to your httpd.conf file
No comments:
Post a Comment