LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page Apache Rewrite Security Question
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 02-29-2008, 10:34 AM   #1
ddenton
Member
 
Registered: May 2007
Posts: 114

Rep: Reputation: 15
Apache Rewrite Security Question

Hello all.

I'm using Nessus to scan our apache installation for vulns and consistently get a warning about our mod_rewrite rules allowing trace/track debugging.

The rewrite rule suggested is:

RewriteRule .* - [F]

This is what we use:

RewriteRule ^/(.*)$ - [F]

Does this not perform the same function?

Thanks in advance...
 
Old 02-29-2008, 10:59 AM   #2
ddenton
Member
 
Registered: May 2007
Posts: 114

Original Poster
Rep: Reputation: 15
I found some docs on performing the test manually, and even after making the change to ".* - [F]", my apache install still returns a 200 when sending the TRACE request.

Any other suggestions? I'm running apache 2.2.4 with Jakarta/Tomcat 5.5.12 on RHEL4.

Thanks...
 
Old 03-04-2008, 01:50 PM   #3
ddenton
Member
 
Registered: May 2007
Posts: 114

Original Poster
Rep: Reputation: 15
Turns out the issue was the order of my conditions and rules.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Question on filesystem security and apache rcase5 Linux - Server 3 02-26-2007 04:06 PM
Apache rewrite question kinetik Linux - General 2 08-04-2006 09:16 AM
apache security question - mod_proxy? asif2k Linux - Security 3 04-17-2006 03:25 PM
Apache log question regarding security alienmagic Linux - Security 6 03-08-2006 09:53 PM
Apache rewrite question CrazyToon Linux - Software 3 06-17-2003 02:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 03:45 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration