How do you register this filter?
I have a list of methods I check for but I would prefer to watch for all that
are not get/post/head

On Wednesday 22 January 2003 04:53 pm, Jerry Asher wrote:
> Scott Goodwin wrote:
> > have the source code.
> >
> > We use AOLserver for EMIS, which is not vulnerable. I've added extra
> > checking to the EMIS request processor 5 minutes ago to log any attempts
> > to use HTTP methods that we don't accept so we can identify attempts to
> > use TRACE. Here's the piece of code I added to do that:
> >
> > # Anchored so only exact GET/POST/HEAD match; an unanchored pattern
> > # would also accept any method name that merely contains one of them.
> > if {! [regexp -nocase {^(get|post|head)$} $http_method]} {
> >    ns_log warning "BAD HTTP METHOD: $http_method from $peer_addr: HTTP REQ=$request"
> >    ns_return 403 text/html [ns_adp_parse -file /emis/pages/errors/errorframe.adp 403]
> >    return filter_return
> > } else {
> >    ns_log notice "$http_method request for $request from $peer_addr"
> > }
>
> This is a good idea.
>
> You may wish to change this to return a TRACE specific error message
> that mentions this exploit.  That way the user will be alerted to
> dubious activity on his machine.
>
> Jerry

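One way to register such a check so that it sees every method other than GET/POST/HEAD, as an added example that is not part of the original messages or the EMIS code. The proc names are hypothetical, and it assumes the method argument of `ns_register_filter` is glob-matched so that `*` covers all methods; confirm that on your AOLserver version.

```tcl
# Added example; proc names are hypothetical, not taken from the EMIS code.

# Exact, case-insensitive allow-list check. Anchoring matters: an unanchored
# {get|post|head} also accepts any method that merely contains one of them.
proc method_allowed {method} {
    return [regexp -nocase {^(get|post|head)$} $method]
}

# Filter body. AOLserver versions differ in the leading arguments passed to
# a filter (conn id, optional arg, then "why"), so accept whatever arrives.
proc reject_bad_method {args} {
    set method [ns_conn method]
    if {[method_allowed $method]} {
        return filter_ok
    }
    ns_log warning "BAD HTTP METHOD: $method from [ns_conn peeraddr]:\
        HTTP REQ=[ns_conn request]"
    ns_return 403 text/plain "Method not allowed"
    # filter_return stops further filters and skips the registered handler.
    return filter_return
}

if {[llength [info commands ns_register_filter]]} {
    # Inside AOLserver: run before authorization, for every URL.
    # Assumption: "*" as the method pattern matches all methods.
    ns_register_filter preauth * /* reject_bad_method
} else {
    # Plain tclsh: exercise the check on constructed method names.
    foreach m {GET post Head TRACE OPTIONS TARGET} {
        set verdict [expr {[method_allowed $m] ? "allowed" : "rejected"}]
        puts [format "%-8s %s" $m $verdict]
    }
}
```

Put the file in the server's Tcl library directory so the registration runs at startup.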