Re: [mod-security-users] TRACE Method
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] TRACE Method
|
From: Ivan R. <iv...@we...> - 2004-07-07 10:20:36
|
ml...@pa... wrote: > Hi, > I'm using mod_security 1.8.2 on Apache2. > My configuration (apache2.conf) is below, > > <IfModule mod_security.c> > SecFilterEngine On > SecFilterDefaultAction "deny,status:406" > SecFilterSelective REQUEST_METHOD "!(GET|POST|HEAD)" > </IfModule> > > It is work fine in proxy path which using ProxyPass, but not catch up > TRACE method in non-proxy path, so I must use mod_rewrite. > > any idea in mod_security? mod_security does not see the TRACE requests because it runs in a late phase in request processing. The use of mod_rewrite to handle TRACE is recommended. Future versions of mod_security may include a hook to run certain checks earlier. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |
