apache-禁用TRACE-TRACK方法,及测试过程
目录
apache 禁用TRACE / TRACK方法,及测试过程
apache 禁用TRACE / TRACK方法
禁用方法
在httpd.conf 中增加一行“TraceEnable off”
本地测试过程
通过telnet到HTTP的某个服务端口,进行测试,如下描述 (红色为需要输入的部分)。
关闭前测试会返回200 OK:
[root@web001 ~]$ telnet xxx.xxx.xxx.xxx 80
Trying xxx.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx).
Escape character is '^]'.
TRACE / HTTP/1.0
X-Test:abcde
HTTP/1.1 200 OK
Date: Wed, 18 Jul 2012 06:49:19 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.28
Connection: close
Content-Type: message/http
TRACE / HTTP/1.0
X-Test: abcde
Connection closed by foreign host.关闭后测试会返回405 Method Not Allowed:
[root@web001 ~]$ telnet xxx.xxx.xxx.xxx 80
Trying xxx.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx).
Escape character is '^]'.
TRACE / HTTP/1.0
X-Test:abcde
HTTP/1.1 405 Method Not Allowed
Date: Wed, 18 Jul 2012 06:50:05 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.28
Allow:
Content-Length: 223
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method TRACE is not allowed for the URL /.</p>
</body></html>
Connection closed by foreign host.课程分享:
安利一门Python超级好课!
扫码下单输优惠码【csdnfxzs】再减5元,比官网还便宜!
