2013-08-22 09:37:02
Source: kejihao
This article describes how to disable the TraceEnable vulnerability on an Apache server and how to test the result. We hope it helps readers who are new to Apache.

System environment:

OS: RHEL5.6_x64

Apache: httpd-2.2.11

How to disable it:

Add the following directive to the main configuration file httpd.conf:

TraceEnable off

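It can be placed directly below the ServerRoot directive.

How to test it:

Telnet to one of the server's HTTP ports and test as shown below (the original page marks the part you type in red; here that is the TRACE request line and the X-Test header, followed by an empty line).

Before disabling, the test returns 200 OK: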

[[email protected] ~]$ telnet xxx.xxx.xxx.xxx 80

Trying xxx.xxx.xxx.xxx...

Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx).

Escape character is '^]'.

TRACE / HTTP/1.0

X-Test:abcde

HTTP/1.1 200 OK

Date: Wed, 18 Jul 2012 06:49:19 GMT

Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.28

Connection: close

Content-Type: message/http

TRACE / HTTP/1.0

X-Test: abcde

Connection closed by foreign host.

After disabling, the test returns 405 Method Not Allowed:

[[email protected] ~]$ telnet xxx.xxx.xxx.xxx 80

Trying xxx.xxx.xxx.xxx...

Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx).

Escape character is '^]'.

TRACE / HTTP/1.0

X-Test:abcde

HTTP/1.1 405 Method Not Allowed

Date: Wed, 18 Jul 2012 06:50:05 GMT

Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.28

Allow:

Content-Length: 223

Connection: close

Content-Type: text/html; charset=iso-8859-1

X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>405 Method Not Allowed</title>

</head><body>

<h1>Method Not Allowed</h1>

<p>The requested method TRACE is not allowed for the URL /.</p>

</body></html>

Connection closed by foreign host.
