https://bugzilla.suse.com/show_bug.cgi?id=1188242
https://bugzilla.suse.com/show_bug.cgi?id=1188242#c4
Petr Gajdos changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mrueckert@suse.com
Summary|Disable TRACE method |apache2: Disable TRACE
| |method
Flags| |needinfo?(mrueckert@suse.co
| |m)
--- Comment #4 from Petr Gajdos ---
Please look at Apache/apache2:
Index: apache2-global.conf
===================================================================
--- apache2-global.conf (revision 183)
+++ apache2-global.conf (revision 654)
@@ -1,6 +1,7 @@
ServerSignature off
UseCanonicalName off
ServerTokens ProductOnly
+TraceEnable off
LogLevel warn
CustomLog /var/log/apache2/access_log combined
Index: apache2-start_apache2
===================================================================
--- apache2-start_apache2 (revision 183)
+++ apache2-start_apache2 (revision 654)
@@ -141,6 +141,10 @@
if [ -n "$APACHE_SERVERTOKENS" ]; then
echo "ServerTokens $APACHE_SERVERTOKENS" >> ${sysconfd_dir}/global.conf
fi
+# APACHE_TACEENABLE -> global.conf
+if [ -n "$APACHE_TRACEENABLE" ]; then
+ echo "TraceEnable $APACHE_TRACEENABLE" >> ${sysconfd_dir}/global.conf
+fi
# APACHE_EXTENDED_STATUS -> global.conf
if [ -n "$APACHE_EXTENDED_STATUS" ]; then
if [ "$APACHE_EXTENDED_STATUS" == "lua" ]; then
Index: sysconfig.apache2
===================================================================
--- sysconfig.apache2 (revision 183)
+++ sysconfig.apache2 (revision 654)
@@ -241,6 +241,14 @@
#
APACHE_SERVERTOKENS="ProductOnly"
+## Type: list(on,off)
+## Default: "off"
+## ServiceReload: apache2
+#
+# Enable or disable TRACE method.
+#
+APACHE_TRACEENABLE="off"
+
## Type: list(on,off,lua)
## Default: "off"
## ServiceReload: apache2
Is it something you have on your mind? Do you think it should go into 15sp2 or
perhaps into 15? As far as I know, we are planning to update apache2 in 15sp4
and thus this could be an opportunity to include the change in 15 series.
--
You are receiving this mail because:
You are on the CC list for the bug.