How do you register this filter? I have a list of methods I check for, but I would prefer to watch for all that are not get/post/head.
On Wednesday 22 January 2003 04:53 pm, Jerry Asher wrote:
> Scott Goodwin wrote:
> > have the source code.
> >
> > We use AOLserver for EMIS, which is not vulnerable. I've added extra
> > checking to the EMIS request processor 5 minutes ago to log any attempts
> > to use HTTP methods that we don't accept so we can identify attempts to
> > use TRACE. Here's the piece of code I added to do that:
> >
> > if {! [regexp -nocase {^(get|post|head)$} $http_method]} {
> >     ns_log warning "BAD HTTP METHOD: $http_method from $peer_addr: HTTP REQ=$request"
> >     ns_return 403 text/html [ns_adp_parse -file /emis/pages/errors/errorframe.adp 403]
> >     return filter_return
> > } else {
> >     ns_log notice "$http_method request for $request from $peer_addr"
> > }
>
> This is a good idea.
>
> You may wish to change this to return a TRACE specific error message
> that mentions this exploit. That way the user will be alerted to
> dubious activity on his machine.
>
> Jerry
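
One way to register such a check for every method other than GET/POST/HEAD, as an added example that is not code from anyone in this thread. It assumes AOLserver's Tcl API (`ns_register_filter`, `ns_conn`, `ns_log`, `ns_returnforbidden`), assumes the method argument of `ns_register_filter` is matched as a glob pattern like the URL pattern, and uses hypothetical proc names (`method_allowed`, `log_safe`, `reject_bad_methods`).

```tcl
# Added example: allow-list filter for HTTP methods, loaded from a Tcl
# file that the server sources at startup.

# Whole-string, case-insensitive comparison against the allow-list, so
# "TRACE", "GETX" or "xPOST" are all rejected.
proc method_allowed {method} {
    set allowed {GET POST HEAD}
    return [expr {[lsearch -exact $allowed [string toupper $method]] >= 0}]
}

# The method and request line are client-controlled. Replace anything
# outside printable ASCII and cap the length before writing to the log,
# so a crafted request cannot inject extra log lines.
proc log_safe {s} {
    regsub -all {[^\x20-\x7e]} $s {?} s
    return [string range $s 0 255]
}

# Filter proc. Declared with "args" so it accepts whatever arguments the
# server passes to filter scripts; none of them are needed here.
proc reject_bad_methods {args} {
    set method [ns_conn method]
    if {[method_allowed $method]} {
        return filter_ok        ;# continue with normal processing
    }
    ns_log Warning "BAD HTTP METHOD: [log_safe $method]\
        from [ns_conn peeraddr]: HTTP REQ=[log_safe [ns_conn request]]"
    ns_returnforbidden          ;# send the 403 response
    return filter_return        ;# stop here, no further filters or handlers
}

# preauth runs before authorization; "*" and "/*" are meant to match
# every method and every URL (see the glob assumption above).
ns_register_filter preauth * /* reject_bad_methods
```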