
Date:  Thu, 23 Oct 2008 09:19:48 -0500
From:  "Bill Berg" <billberg (at mark) northernweb.net>
Subject:  [coba-e:14209] Re: Trace|Track and PCI scanning
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <200810231419.m9NEJiUK019018 (at mark) bugs.northernweb.net>
In-Reply-To:  <200810221958.m9MJwVb2025719 (at mark) bugs.northernweb.net>
X-Mail-Count: 14209

As an alternative to this ReWrite, is it possible to upgrade Apache from
2.052 to 2.055, which has an EnableTrace=Off option?


Bill Berg
Northern Webworks
715-627-0400 or 1-866-572-1333

-----Original Message-----
From: Bill Berg [mailto:billberg (at mark) northernweb.net] 
Sent: Wednesday, October 22, 2008 2:59 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:14207] Trace|Track and PCI scanning

Trying to get PCI compliant, and we are told to disable trace and track.

I find that I should put this code in the main section of httpd.conf:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

And then add it again in each virtual host that we need to block.

<VirtualHost>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</VirtualHost>


When I add it to the main file, no problem. I add it to the VirtualHost and
I get this when I try to bring up the site in a browser:

Firefox has detected that the server is redirecting the request for this
address in a way that will never complete.

I'm guessing that it has something to do with the other Rewrite directives
already in that VirtualHost. It now looks something like this:

RewriteEngine on
RewriteCond %{HTTP_HOST}                !^IPADDRESS(:80)?$
RewriteCond %{HTTP_HOST}                !^www.domain.com(:80)?$ [NC]
RewriteRule ^/(.*)                      http://www.domain.com/$1 [L,R]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) 
RewriteRule .* - [F] 
RewriteOptions inherit


Am I putting the directives in the wrong order, or should I eliminate
something else?

Bill Berg
Northern Webworks
715-627-0400 or 1-866-572-1333
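
Added example (not part of the original message or of the BlueQuartz project): a Python check that sends TRACE and TRACK with an explicit Host header to each name-based virtual host and reports whether the method was refused, which is what the PCI scan looks for. The header name X-Trace-Check and the verdict strings are assumptions of this example.

```python
import http.client
import sys

# 403 is what "RewriteRule .* - [F]" returns; 405/501 mean the server itself
# refuses or does not implement the method.
BLOCKED = {403, 405, 501}
CANARY = "X-Trace-Check"  # constructed header name; an enabled TRACE echoes it back


def classify(status, body):
    """Turn one response into a verdict for the scan report."""
    if CANARY.lower() in body.lower():
        return "enabled"      # request headers were reflected in the body
    if status in BLOCKED:
        return "blocked"
    if 300 <= status < 400:
        # A redirect rule with [L,R] placed above the TRACE rule answers first,
        # so this name never reaches the [F] rule: re-test the redirect target.
        return "redirected"
    return "not-blocked"


def probe(addr, port, vhost, method, timeout=5):
    """Send METHOD / with an explicit Host header; return (status, body text)."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.putrequest(method, "/", skip_host=True)
        conn.putheader("Host", vhost)
        conn.putheader(CANARY, "1")
        conn.endheaders()
        resp = conn.getresponse()
        return resp.status, resp.read(65536).decode("latin-1")
    finally:
        conn.close()


def check_vhost(addr, port, vhost):
    """Check both methods for one name-based virtual host."""
    report = {}
    for method in ("TRACE", "TRACK"):
        status, body = probe(addr, port, vhost, method)
        report[method] = (status, classify(status, body))
    return report


if __name__ == "__main__" and len(sys.argv) >= 4:
    # usage: script.py ADDRESS PORT VHOST [VHOST ...]
    for name in sys.argv[3:]:
        print(name, check_vhost(sys.argv[1], int(sys.argv[2]), name))
```

Run it once per virtual host name, since the rewrite rules are set per VirtualHost block.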
