Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

about http method

from [Monty Ree] Network Security [Permanent Link]
Subject: about http method
Date: Tue, 31 May 2005 02:34:53 +0000 
Hello, all.

Some documents say to limit some method at apache server to improve security.

So I have some questions about HTTP method.


1. first question 

When I using CONNECT method, the apache result was different.
(config is alike, version is 1.3.26 alike)

Some apache : Allow: GET, HEAD, OPTIONS, TRACE

but some apache like below.
Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE

== Why the result is not same?


2. and additional quesiton.

I allowed GET,POST,OPTIONS like below, but apache says that TRACE method is allowed too.
What's the relations between OPTIONS and TRACE?

<LimitExcept GET POST OPTIONS>
  Order allow,deny
  deny from all
</LimitExcept>



Thanks in advance.

_________________________________________________________________
싸게 싸게 MSN공동구매 http://www.waawaa.com/cobuy/cobuy_default.asp?siteid=10160

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • about http method, Monty Ree <=
Previous by Date:  Re: user name from security logs, Dave Patterson
Next by Date:  SyScAN'05, organiser@syscan.org
Previous by Thread:  Alerts of the ICMP relationship with smtp connection?, Paulo
Next by Thread:  SyScAN'05, organiser@syscan.org
Indexes:  [Date] [Thread] [Top] [All Lists]