How to disable HTTP TRACE on OpenBSD 5.3?

Asked Sep 11 '13 at 09:06

Active Jul 08 '15 at 12:08

Viewed 133 times

An nmap scan gaved this:

443/tcp  open     ssl/http Apache httpd
| http-methods: GET HEAD OPTIONS TRACE
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html

so I tried to:

# DISABLE TRACE
vi /var/www/conf/httpd.conf
TraceEnable off

Q: But it gaved syntax error. How can I securely disable Trace HTTP METHOD on OpenBSD 5.3?

p.s.: Why is an insecure option enabled in a secure OS?

edited Jul 08 '15 at 12:08

sendmoreinfo

2,533
21
36

asked Sep 11 '13 at 09:06

gasko peter

5,434
22
83
145

3

Regarding that “insecure option”, the `httpd` documentation says “Despite claims to the contrary, TRACE is not a security vulnerability and there is no viable reason for it to be disabled.” – manatwork Sep 11 '13 at 09:14
Show us where exactly you inserted that directive and paste the exact error message. – manatwork Sep 11 '13 at 09:16

How to disable HTTP TRACE on OpenBSD 5.3?

0 Answers0