Disabling the Apache server TraceEnable vulnerability and how to test it – Apache

System environment:
OS: RHEL5.6_x64
Apache: httpd-2.2.11

How to disable it:
Add the following directive to the main configuration file httpd.conf:
TraceEnable off
It can be placed directly below the ServerRoot directive.


How to test:

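Telnet to one of the server's HTTP ports and run the test as shown below (the original page marked the parts you type in red; they are the TRACE request line and the X-Test header, followed by an empty line).
Before disabling, the test returns 200 OK:
[root@web001 ~]$ telnet xxx.xxx.xxx.xxx 80
Trying xxx.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx).
Escape character is '^]'.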
TRACE / HTTP/1.0
X-Test:abcde

HTTP/1.1 200 OK
Date: Wed, 18 Jul 2012 06:49:19 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.28
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
X-Test: abcde

Connection closed by foreign host.

After disabling, the test returns 405 Method Not Allowed:
[root@web001 ~]$ telnet xxx.xxx.xxx.xxx 80
Trying xxx.xxx.xxx.xxx...
Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx).
Escape character is '^]'.
TRACE / HTTP/1.0
X-Test:abcde

HTTP/1.1 405 Method Not Allowed
Date: Wed, 18 Jul 2012 06:50:05 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.28
Allow:
Content-Length: 223
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug

405 Method Not Allowed

Method Not Allowed

The requested method TRACE is not allowed for the URL /.

Connection closed by foreign host.
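
The telnet check above can be scripted for servers you administer. The following Python is an added example, not part of the original article: it sends the same TRACE request and classifies the reply. The function names and the "inconclusive" outcome are assumptions of this example, and the two sample replies are constructed by abbreviating the transcripts above.

```python
import socket
import sys

# Constructed samples, abbreviated from the two telnet transcripts above.
SAMPLE_BEFORE = (b"HTTP/1.1 200 OK\r\nConnection: close\r\n"
                 b"Content-Type: message/http\r\n\r\n"
                 b"TRACE / HTTP/1.0\r\nX-Test: abcde\r\n\r\n")
SAMPLE_AFTER = (b"HTTP/1.1 405 Method Not Allowed\r\nAllow:\r\nConnection: close\r\n"
                b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
                b"The requested method TRACE is not allowed for the URL /.\r\n")


def send_trace(host, port=80, marker="abcde", timeout=5.0):
    """Send the TRACE request from the telnet test and return the raw reply."""
    request = f"TRACE / HTTP/1.0\r\nX-Test: {marker}\r\n\r\n".encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:  # HTTP/1.0: the server closes the connection when done
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def classify_trace(raw, marker="abcde"):
    """Return 'enabled', 'disabled' or 'inconclusive' for a raw TRACE reply."""
    head, _, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    parts = head.split(b"\n")[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "inconclusive"  # empty or non-HTTP reply
    status = int(parts[1])
    # TRACE is on only if the server echoes our own request back in the body.
    echoed = body.lstrip().startswith(b"TRACE ") and marker.encode() in body
    if status == 200 and echoed:
        return "enabled"
    if status == 405:
        return "disabled"
    return "inconclusive"  # e.g. a 200 page from something that ignored the method


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: script.py HOST [PORT]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
        print(classify_trace(send_trace(sys.argv[1], port)))
    else:
        print(classify_trace(SAMPLE_BEFORE), classify_trace(SAMPLE_AFTER))
```

Run it with a host name after adding TraceEnable off and restarting httpd; any result other than "disabled" means the change did not take effect on that port or virtual host.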
