User guide

Chapter 2: Security Measures
Risk of Exploiting the HTTP TRACE Method
Malicious users (or machines) on the network may read private information in HTTP request data or
execute unwanted code.
The TRACE method is the HTTP/1.1 method that returns the data sent from the client side as response
data. This method is used to diagnose the network environment. Disabling it causes no problem in
Interstage HTTP Server operation because it is not usually used.
To prevent this risk, it is recommended to disable the HTTP TRACE method by specifying the following
lines in the Interstage HTTP Server environment definition file (httpd.conf):

LoadModule rewrite_module modules/mod_rewrite.so
AddModule mod_rewrite.c
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

LoadModule rewrite_module libexec/mod_rewrite.so
AddModule mod_rewrite.c
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

When virtual hosts are configured, add the setting to each virtual host as follows to disable the
HTTP TRACE method:
LoadModule rewrite_module modules/mod_rewrite.so
AddModule mod_rewrite.c
<VirtualHost 192.168.0.2>
ServerName virt.example.com
ServerAdmin webmaster@virt.example.com
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
...
</VirtualHost>
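
An added example (not part of the Interstage manual): a Python check that reports which scopes of an httpd.conf, the main server and each <VirtualHost>, lack the TRACE-blocking lines shown above. The function names, the second virtual host (192.168.0.3, other.example.com) and the sample text are constructed for illustration, and only the exact rule form used on this page is recognised.

```python
import re

# Constructed sample: the second virtual host lacks the TRACE rule.
SAMPLE_CONF = """\
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
<VirtualHost 192.168.0.2>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</VirtualHost>
<VirtualHost 192.168.0.3>
ServerName other.example.com
</VirtualHost>
"""

def blocks_trace(lines):
    """True if these directives turn the rewrite engine on and forbid TRACE."""
    engine_on, forbids, conds = False, False, []
    for words in (line.split() for line in lines):
        name = words[0].lower() if words else ""
        if name == "rewriteengine":
            engine_on = len(words) > 1 and words[1].lower() == "on"
        elif name == "rewritecond":
            # Record whether each condition is the TRACE test from this page.
            conds.append(words[1:3] == ["%{REQUEST_METHOD}", "^TRACE"])
        elif name == "rewriterule":
            flags = set(words[3].strip("[]").lower().split(",")) if len(words) > 3 else set()
            # Conditions are ANDed, so only a lone TRACE condition counts.
            if (conds == [True] and words[1:3] == [".*", "-"]
                    and flags & {"f", "forbidden"}):
                forbids = True
            conds = []  # conditions apply only to the rule that follows them
    return engine_on and forbids

def scopes_missing_trace_block(conf_text):
    """List the scopes (main server, each <VirtualHost>) without the rule."""
    scopes, current = {"main": []}, "main"
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = f"VirtualHost {opened.group(1).strip()} (line {number})"
            scopes[current] = []
        elif line.lower() == "</virtualhost>":
            current = "main"
        elif not line.startswith("#"):
            scopes[current].append(line)
    return [name for name, lines in scopes.items() if not blocks_trace(lines)]
```

Calling scopes_missing_trace_block() on the text of httpd.conf returns an empty list when the main server and every virtual host carry the setting.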