Disable HTTP TRACE/TRACK
http
curl -v -X TRACE http://www.yourserver.comhttps
curl --insecure -v -X TRACE https://www.google.com/ * Server certificate: * subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com * start date: 2013-02-20 13:34:56 GMT * expire date: 2013-06-07 19:43:27 GMT * subjectAltName: www.google.com matched * issuer: C=US; O=Google Inc; CN=Google Internet Authority * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. > TRACE / HTTP/1.1 > User-Agent: curl/7.25.0 (x86_64-suse-linux-gnu) libcurl/7.25.0 OpenSSL/1.0.1c zlib/1.2.7 libidn/1.25 libssh2/1.4.0 > Host: www.google.com > Accept: */* < HTTP/1.1 405 Method Not AllowedSolución:
httpd.conf
# DISABLE HTTP TRACE #
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
TraceEnable off
No hay comentarios:
Publicar un comentario