You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2005/05/11 05:36:08 UTC
TRACE considered harmfull (B***S$$$)
Well, reviewing Nessus reports this week has left me *very* pissed
off. Has anyone assembled a list of all of the various client
browser identifiers that are too moronic to handle a TRACE request
properly?
It seems the rational thing to do is trip those browsers which can't
handle a simple trace request and prevent THEM from invoking TRACE.
Problem solved. Well, not quite. My real solution can't be published
till April 1 2006 thought :) Wish I thought of it two months ago :)
Re: TRACE considered harmfull (B***S$$$)
Posted by Paul Querna <ch...@force-elite.com>.
William A. Rowe, Jr. wrote:
> Well, reviewing Nessus reports this week has left me *very* pissed
> off. Has anyone assembled a list of all of the various client
> browser identifiers that are too moronic to handle a TRACE request
> properly?
No, I just ignore these silly Nessus reports. Every couple weeks
someone comes into #apache on Freenode IRC, all worried how TRACE is the
end of the world...
<chipig> fajita: trace hype
<fajita> i heard trace hype was
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=104333761011676&w=2