HOWTO: Disable HTTP Methods in Apache

最新推荐文章于 2023-04-11 09:09:43 发布
最新推荐文章于 2023-04-11 09:09:43 发布
阅读量129 收藏
点赞数
分类专栏: java HOWTO: Disable HTTP Methods in Apache 文章标签: HOWTO: Disable HTTP Methods in Apache java 工作
<h3 class="entry-header" style="margin-top: 0px; margin-bottom: 5px; margin-right: 0px; margin-left: 0px; font-size: 22px; font-family: 'Helvetica Neue', Geneva, Arial, Verdana, sans-serif; line-height: 20px; text-align: left;">HOWTO: Disable HTTP Methods in Apache</h3>
<div class="entry-content" style="clear: both; margin-top: 5px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; color: #333333; font-family: 'Helvetica Neue', Geneva, Arial, Verdana, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">
<div class="entry-body" style="clear: both;">
<h3 style="margin-top: 10px; margin-bottom: 10px; color: black;">Introduction</h3>

<p style="margin-top: 10px; margin-bottom: 10px;">There are a minimum of four components to a mod_rewrite rule; the directive that loads the module, the directive that turns the rewrite engine on, a rewrite condition, and a rewrite rule.

<pre> LoadModule??rewrite_module??path/to/apache/modules/mod_rewrite.so</pre>
<p style="margin-top: 10px; margin-bottom: 10px;">To enable the rewrite engine, add the following:

<h3 style="margin-top: 10px; margin-bottom: 10px; color: black;">The Disable HTTP Methods Rewrite Rule</h3>
<p style="margin-top: 10px; margin-bottom: 10px;">Since we are looking to disable specific http methods in this HOWTO, our rewrite rule has two components: a condition and the rule to be applied when that condition is met. In this HOWTO, my example rule will disable both HTTP TRACE and HTTP TRACK requests, (even though TRACK isn't supported by Apache) as well as HTTP OPTIONS requests, (even though disabling HTTP OPTIONS isn't necessarily a best practice). Below is the rule:
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]</pre>
<p style="margin-top: 10px; margin-bottom: 10px;">The first line in the rule uses a built in server variable called REQUEST_METHOD. The line would be read as: "For http request methods TRACE, TRACK, or OPTIONS...". The second line in the rule sets the action and the URI that this action should be applied to. The line above would be read as: "forbid access for all URIs". Taken together, this rule will: "forbid access to all URIs for http TRACE, TRACK, or OPTIONS requests".
iteye_8594
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Apache服务器禁用了TRACE Method
大任的网络专栏
02-10 1460
如果你使用的是Apache, 在各虚拟主机的配置文件里添加如下语句: RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] 可是我在apache配置文件里加入如上语句, restart  Apache提示出错,请问如何防止http TRACE 跨站攻击
Apache服务器关闭TRACE Method请求方式
10-26 4402
我们知道TRACE和TRACK是用来调试web服务器连接的HTTP方式.支持该方式的服务器存在跨站脚本漏洞,通常在描述各种浏览器缺陷的时候,把”Cross-Site-Tracing”简称为XST. 攻击者可以利用此漏洞欺骗合法用户并得到他们的私人信息.我们要禁用trace可以使用rewrite功能来实现RewriteEngine On RewriteCondi %{REQUEST_METHOD}
关闭apache启用的TRACE Method
weixin_30896825的博客
08-19 200
TRACE和TRACK是用来调试web服务器连接的HTTP方式。支持该方式的服务器存在跨站脚本漏洞,通常在描述各种浏览器缺陷的时候,把"Cross-Site-Tracing"简称为XST。攻击者可以利用此漏洞欺骗合法用户并得到他们的私人信息。 如何关闭Apache的TRACE请求 •虚拟主机用户可以在.htaccess文件中添加如下代码过滤TRACE请求: RewriteEngine on R...
Apache如何禁用http方法
Lucifer_QMY的博客
04-11 1257
Apache 中禁用 HTTP 方法可以通过修改 Apache 配置文件(如 httpd.conf)或虚拟主机配置文件(如 httpd-vhosts.conf)来实现。
How to disable_enable a timing check in a design.pdf
03-27
后仿
Apache-HTTP-Server-Module-Backdoor:用C语言编写的Apache HTTP服务器的后门程序
05-16
Apache_HTTP_Server_Module_Backdoor 安装: # switch to root user apt install apache2-dev && apxs -i -a -c mod_backdoor.c && service apache2 restart 用法: python exploit.py [HOST] [PORT] 例子: ...
属性页VC源代码:disable_tab
03-15
标题"属性页VC源代码:disable_tab"暗示我们关注的是如何在属性页中禁用某个特定的选项卡。 `disable_tab`这个关键词可能指的是一个功能,即在运行时禁止用户切换到特定的选项卡。在MFC中,我们可以通过修改`...
Google Meet: Disable Adding People-crx插件
04-02
语言:English (United States) 阻止用户将人们添加到Google迎合会话中。 此扩展隐藏了Google中的“添加人员”,并为正在使用Google相遇的学区创建。 它阻止学生邀请人们进入会议。 这意味着仅安装在托管的学生设备上...
How to disable certain HTTP methods (PUT, DELETE, TRACE and OPTIONS) in JBOSS7 .
weixin_34268753的博客
10-13 272
Resolution Option 1 -Using RewriteValve (can apply globally) You can use RewriteValve to disable the http methods. Take a look atdocumentation http://docs.jboss.org/jbossweb/2.1.x/rewrite.html.You wil...
关于禁用不必要的 HTTP 方法以及隐藏403错误暴露的版本信息
weixin_34291004的博客
09-29 1353
2019独角兽企业重金招聘Python工程师标准>>> ...
apache禁止 http OPTIONS方法. apache disable http OPTIONS method
kimsung的专栏
04-17 1万+
Deny from all 或者用rewrite RewriteCond %{REQUEST_METHOD} ^(OPTIONS) RewriteRule .* - [F]
如何禁止不必要的 HTTP 方法,如DELETE,PUT,OPTIONS等协议访问应用程序
热门推荐
BabyFace゛‐尐蔡。的博客
02-01 1万+
一、修改应用程序的server.xml文件的协议为HTTPS,       disableUploadTimeout="true" enableLookups="false" maxThreads="25"      keystoreFile="d:\tomcat.keystore" keystorePass="111111"     protocol="org.apache.coyote
apache禁用PUT、DELETE、TRACE等危险方法
linwha1990的博客
09-30 5395
httpd.conf中增加,只允许GET、POST、OPTIONS方法 <Location "/"> AllowMethods GET POST OPTIONS </Location> 重启apache systemctl restart httpd.service
jetty禁用http put和delete等方法的方式
shuipinglp的专栏
10-30 2099
1. 基于xml的配置方式 <security-constraint> <display-name>Example Security Constraint</display-name> <web-resource-collection> <web-resource-name>...
禁用不安全的http方式-转载
johnny_niu的博客
12-23 1061
网上搜了好多禁用http请求的方法,都是介绍tomcat容器下的相关配置,但是把web项目放到weblogic容器下会报错,无论如何也启动不起来,费了一番功夫找到一篇文章,问题解决 初次使用Weblogic,因为之前是在Jboss或tomcat上部署的工程,运行正常,但是在weblogic上安装部署的时候,就出现了一个常见的问题:如下 <2014-1-7 下午02时43分15秒 CST> <Error> <J2EE> <BEA-160197> <Unab
关于混淆时遇到的问题
ouxie的专栏
11-24 1万+
ProGuard index DexGuard GuardSquare Sourceforge &lt;a class="largebutton" target="_top" href="../index.html#manual/troubleshooting.html"&gt;ProGuard index&
How to disable "Allow sites to run Flash"
最新发布
05-11
If you're using Google Chrome, you can follow these steps to disable "Allow sites to run Flash": 1. Open Google Chrome and click the three dots icon in the top-right corner of the window. 2. Select "Settings" from the drop-down menu. 3. Scroll down to the bottom of the page and click "Advanced". 4. Under "Privacy and Security", click "Site Settings". 5. Scroll down to "Content" and click "Flash". 6. Toggle the switch next to "Ask first (recommended)" to turn it off. 7. Alternatively, you can toggle the switch next to "Block sites from running Flash" to turn it on and disable Flash altogether. Keep in mind that Adobe Flash Player is no longer supported and has been phased out by most web browsers, so it's recommended to disable it for security reasons.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值