TRACE is handled by Apache at an earlier request phase - before
Mod_Security has a hook. Mod_Rewrite has a hook that will allow it to
identify/block TRACE requests.
Implement mod_rewrite and then add these entries -
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE$
RewriteRule .* - [F]
--=20
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
On 8/18/05, David ROBERT <cas...@gm...> wrote:
> Hello,
>=20
> I try to disable http TRACE methode using :
>=20
> SecFilterSelective REQUEST_METHOD "^TRACE$"
>=20
> It don't work, do you know why ?
>=20
> David.
>=20
>=20
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practic=
es
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & Q=
A
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
|
