Hi
In a security audit it was picked up that the http trace method was enabled on our 389
server for port 9830 which is the port the admin console uses. I have done a check on how
to disable this method for a http server and they suggested editing the httpd.conf and
adding TraceEnable = off or on older versions something like this on the httpd.conf file.
LoadModule rewrite_module "/usr/local/apache/modules/mod_rewrite.so"
Then add the following as well to your httpd.conf file:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
the file I used to edit these changes was /etc/dirsrv/admin-serv/httpd.conf
Neither of these methods disabled the trace method. Any ideas?
Show replies by date