https://issues.apache.org/bugzilla/show_bug.cgi?id=50328
mishra <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | --- Comment #2 from mishra <[email protected]> 2010-11-24 11:51:46 EST --- (In reply to comment #1) > You send a request that is syntactically malformed HTTP, you get a 400 > response. > > If you need clarification of that, please use a user support forum. Our security scans are showing that TRACE is enabled on our apache server. I have read documentation that this method was a way to manually test it. Are you saying that TraceEnable off is working correctly? Is it or is it not suppose to return METHOD NOT ALLOWED? How do you propose testing the TraceEnable feature if the following is not the way to do it: TRACE / HTTP/1.0 Host: foo Any text entered here will be echoed back in the response Why was I able to get the text echoed back if the TraceEnable off is working? Where was the METHOD NOT ALLOWED response. I looked at the http_filters.c and it showed that with TraceEnable off, I should get return information as such: "TRACE denied by server configuration"); return HTTP_METHOD_NOT_ALLOWED; But I am not getting that, either are our security scans. It does not seem like TraceEnable off directive is working correctly. Please test this and advise? Thanks, -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
