TRACE considered harmfull (B***S$$$)

["William A. Rowe, Jr." <wr...@rowe-clan.net>]

Well, reviewing Nessus reports this week has left me *very* pissed
off.  Has anyone assembled a list of all of the various client
browser identifiers that are too moronic to handle a TRACE request
properly?

It seems the rational thing to do is trip those browsers which can't 
handle a simple trace request and prevent THEM from invoking TRACE.

Problem solved.  Well, not quite.  My real solution can't be published
till April 1 2006 thought :)  Wish I thought of it two months ago :)

Re: TRACE considered harmfull (B***S$$$)

[Paul Querna <ch...@force-elite.com>]

William A. Rowe, Jr. wrote:
> Well, reviewing Nessus reports this week has left me *very* pissed
> off.  Has anyone assembled a list of all of the various client
> browser identifiers that are too moronic to handle a TRACE request
> properly?

No, I just ignore these silly Nessus reports.  Every couple weeks
someone comes into #apache on Freenode IRC, all worried how TRACE is the
end of the world...

<chipig> fajita: trace hype
<fajita> i heard trace hype was
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=104333761011676&w=2