I have a problem with filtering the http-request TRACE. The HEAD and
OPTIONS request is filtered correctly, but it is not possible to filter
TRACE requests. Is an error in my config file or is it not possible to
Debian GNU/Linux unstable
but was also tested with:
Debian GNU/Linux stable
SecFilterEngine On =20
SecFilterForceByteRange 0 255
SecFilterSelective "REQUEST_METHOD" ^OPTIONS
SecFilterSelective "REQUEST_METHOD" ^TRACE
SecFilterSelective "REQUEST_METHOD" ^HEAD
> I have a problem with filtering the http-request TRACE. The HEAD and OPTIONS request is
> filtered correctly, but it is not possible to filter TRACE requests. Is an error in my
> config file or is it not possible to filter TRACE?
It isn't possible at the moment. Apache handles TRACE before the request reaches
mod_security. That could possibly change in a future release, but in the meantime you can
use mod_rewrite to filter out TRACE.
Get latest updates about Open Source Projects, Conferences and News.