What | Removed | Added |
---|---|---|
CC | mrueckert@suse.com | |
Summary | Disable TRACE method | apache2: Disable TRACE method |
Flags | needinfo?(mrueckert@suse.com) |
Please look at Apache/apache2: Index: apache2-global.conf =================================================================== --- apache2-global.conf (revision 183) +++ apache2-global.conf (revision 654) @@ -1,6 +1,7 @@ ServerSignature off UseCanonicalName off ServerTokens ProductOnly +TraceEnable off LogLevel warn CustomLog /var/log/apache2/access_log combined Index: apache2-start_apache2 =================================================================== --- apache2-start_apache2 (revision 183) +++ apache2-start_apache2 (revision 654) @@ -141,6 +141,10 @@ if [ -n "$APACHE_SERVERTOKENS" ]; then echo "ServerTokens $APACHE_SERVERTOKENS" >> ${sysconfd_dir}/global.conf fi +# APACHE_TACEENABLE -> global.conf +if [ -n "$APACHE_TRACEENABLE" ]; then + echo "TraceEnable $APACHE_TRACEENABLE" >> ${sysconfd_dir}/global.conf +fi # APACHE_EXTENDED_STATUS -> global.conf if [ -n "$APACHE_EXTENDED_STATUS" ]; then if [ "$APACHE_EXTENDED_STATUS" == "lua" ]; then Index: sysconfig.apache2 =================================================================== --- sysconfig.apache2 (revision 183) +++ sysconfig.apache2 (revision 654) @@ -241,6 +241,14 @@ # APACHE_SERVERTOKENS="ProductOnly" +## Type: list(on,off) +## Default: "off" +## ServiceReload: apache2 +# +# Enable or disable TRACE method. +# +APACHE_TRACEENABLE="off" + ## Type: list(on,off,lua) ## Default: "off" ## ServiceReload: apache2 Is it something you have on your mind? Do you think it should go into 15sp2 or perhaps into 15? As far as I know, we are planning to update apache2 in 15sp4 and thus this could be an opportunity to include the change in 15 series.