You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by parks fields <pa...@lanl.gov> on 2004/03/09 20:55:30 UTC
[users@httpd] Http trace is still on.
Hello again,
I am running apache 2.0.46 on RH enterprise ws3.0. The
security scan list Http trace as a risk and I need to turn
it off. A member of this list said I should add the
following to my httpd.conf file.
RewriteCond %{REQUEST_METHOD} TRACE [NC]
RewriteRule / [F,L]
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
I did. I have rebooted the machine.
The security scan still list it as being enabled. Attached
is my conf file.
Since I am new at this could someone explain what I am doing
wrong.
TIA
parks
[users@httpd] mod_jk2 library not found problem
Posted by Robert Hall <rf...@berkeley.edu>.
Hello all,
We're having a problem setting up mod_jk2 in Apache 1.3.27 on SuSe 8.2.
When apache starts up, 'apachectl startssl', it complains that mod_jk2 needs
''apr_thread_mutex_trylock', but can't locate it. If we comment out the
mod_jk2
''LoadModule' directive in httpd.conf apache starts OK.
We have libapr-0.so in /usr/lib (symbolic link to libapr-0.so.0.9.5) and
it contains
'apr_thread_mutex_trylock'.
Anybody successfully set up mod_jk2 on SuSE or know what we're missing?
Thanks,
Robert
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Http trace is still on.
Posted by Joshua Slive <jo...@slive.ca>.
parks fields wrote:
>
> Hello again,
>
> I am running apache 2.0.46 on RH enterprise ws3.0. The security scan
> list Http trace as a risk and I need to turn it off. A member of this
> list said I should add the following to my httpd.conf file.
> RewriteCond %{REQUEST_METHOD} TRACE [NC]
> RewriteRule / [F,L]
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE
>
> I did. I have rebooted the machine.
> The security scan still list it as being enabled. Attached is my conf
> file.
> Since I am new at this could someone explain what I am doing wrong.
1. That config is garbage. Either you misunderstood someone, or someone
gave you bad information. You shouldn't be using mod_rewrite until you
have read the appropriate docs. The proper configuration is here:
http://www.apacheweek.com/issues/03-01-24#news
2. Don't blindly trust your security scanner. It may tell you that
TRACE is enabled just by looking at an OPTIONS request without even
seeing if it really works.
3. As has been discussed on this list several times, TRACE isn't a real
vulnerability anyway.
4. Please don't post your entire httpd.conf to the list unless
aboslutely necessary. Simply posting the relevant excerpts is sufficient.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org