Petr Gajdos changed bug 1188242
What Removed Added
CC   mrueckert@suse.com
Summary Disable TRACE method apache2: Disable TRACE method
Flags   needinfo?(mrueckert@suse.com)

Comment # 4 on bug 1188242 from 
Please look at Apache/apache2:

Index: apache2-global.conf
===================================================================
--- apache2-global.conf (revision 183)
+++ apache2-global.conf (revision 654)
@@ -1,6 +1,7 @@
 ServerSignature off
 UseCanonicalName off
 ServerTokens ProductOnly
+TraceEnable off
 LogLevel warn
 CustomLog /var/log/apache2/access_log combined

Index: apache2-start_apache2
===================================================================
--- apache2-start_apache2 (revision 183)
+++ apache2-start_apache2 (revision 654)
@@ -141,6 +141,10 @@
 if [ -n "$APACHE_SERVERTOKENS" ]; then
     echo "ServerTokens $APACHE_SERVERTOKENS" >> ${sysconfd_dir}/global.conf
 fi
+# APACHE_TACEENABLE -> global.conf
+if [ -n "$APACHE_TRACEENABLE" ]; then
+    echo "TraceEnable $APACHE_TRACEENABLE" >> ${sysconfd_dir}/global.conf
+fi
 # APACHE_EXTENDED_STATUS -> global.conf
 if [ -n "$APACHE_EXTENDED_STATUS" ]; then
     if [ "$APACHE_EXTENDED_STATUS" == "lua" ]; then
Index: sysconfig.apache2
===================================================================
--- sysconfig.apache2 (revision 183)
+++ sysconfig.apache2 (revision 654)
@@ -241,6 +241,14 @@
 #
 APACHE_SERVERTOKENS="ProductOnly"

+## Type:       list(on,off)
+## Default:    "off"
+## ServiceReload: apache2
+#
+# Enable or disable TRACE method.
+#
+APACHE_TRACEENABLE="off"
+
 ## Type:       list(on,off,lua)
 ## Default:    "off"
 ## ServiceReload: apache2


Is it something you have on your mind? Do you think it should go into 15sp2 or
perhaps into 15? As far as I know, we are planning to update apache2 in 15sp4
and thus this could be an opportunity to include the change in 15 series.

You are receiving this mail because: