If you have set this for the entire server as the default, you should not
have to reset it for each virtual host as they should carry the default
unless otherwise conf'ed not to.

Thanks,

Ron DuFresne


On Wed, 18 Jun 2003, rmck wrote:

> Hello,
> 
> I have an apache1.3.27/mod_ssl2.8.12. I was told today I needed to fix
> this issue with my web server "HTTP TRACE Enabled". 
> 
> Now I have module mod_rewrite as a Loaded Module. The fix for this is as
> follows:
> 
> If you are using Apache, add the following lines for each virtual
> host in your configuration file :
>     RewriteEngine on
>     RewriteCond %{REQUEST_METHOD} ^TRACE
>     RewriteRule .* - [F]
> 
> I'm confused about where to place this in my httpd.conf? 
> 
> I have two virtual hosts in my httpd.conf file. Does this look correct,
> thanks a lot for your help:
> 
> 
> <VirtualHost 111.111.111.111>
> Redirect / https://host.company.com/
> Servername host.company.com
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE
> RewriteRule .* - [F]
> </VirtualHost>
> 
> 
> <VirtualHost _default_:443>
>  
> #  General setup for the virtual host
> DocumentRoot "/opt/apache/htdocs"
> ServerName host.company.com
> ServerAdmin [EMAIL PROTECTED]
> ErrorLog /opt/apache/logs/error_log
> TransferLog /opt/apache/logs/access_log
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE
> RewriteRule .* - [F]
> 
> #   SSL Engine Switch:
> #   Enable/Disable SSL for this virtual host.
> SSLEngine on
> #   SSL Cipher Suite:
> #   List the ciphers that the client is permitted to negotiate.
> #   See the mod_ssl documentation for a complete list.
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> /
> #     this only for browsers where you know that their SSL implementation
> #     works correctly.
> #   Notice: Most problems of broken clients are also related to the HTTP
> #   keep-alive facility, so you usually additionally want to disable
> #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
> #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
> #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
> #   "force-response-1.0" for this.
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>  
> #   Per-Server Logging:
> #   The home of a custom SSL log file. Use this when you want a
> #   compact non-error SSL logfile on a virtual host basis.
> CustomLog /opt/apache/logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>  
> </VirtualHost>
> 
> 
> 
> Regards,
> Rob
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
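
A per-virtual-host audit for the TRACE rewrite rule discussed in this thread, as an added example that is not code from either poster or from the mod_ssl project. It judges each `<VirtualHost>` block on its own directives and does not model rules inherited from the main server (mod_rewrite passes those to a virtual host only when the host sets `RewriteOptions inherit`); the sample config and the names `blocks_trace` and `audit` are constructed for illustration.

```python
import re

# Constructed sample modelled on the question; the third block is invented.
SAMPLE_CONF = """\
<VirtualHost 111.111.111.111>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</VirtualHost>
<VirtualHost _default_:443>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</VirtualHost>
<VirtualHost 111.111.111.112>
RewriteEngine On
RewriteRule ^/old$ /new [R]
</VirtualHost>
"""

def blocks_trace(lines):
    """True if the engine is on and a TRACE-only condition guards `.* - [F]`."""
    engine, found, conds = False, False, []
    for line in lines:
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name == "rewriteengine":
            engine = len(parts) > 1 and parts[1].lower() == "on"
        elif name == "rewritecond":
            # Conditions are ANDed, so every one must be the TRACE test.
            is_method = len(parts) > 2 and parts[1].upper() == "%{REQUEST_METHOD}"
            conds.append(is_method and parts[2].startswith("^TRACE"))
        elif name == "rewriterule":
            flags = parts[3].strip("[]").upper().split(",") if len(parts) > 3 else []
            if conds and all(conds) and parts[1:3] == [".*", "-"] and "F" in flags:
                found = True
            conds = []  # conditions bind only to the next RewriteRule
    return engine and found

def audit(conf_text):
    """Map each <VirtualHost> address to whether that block refuses TRACE."""
    conf_text = conf_text.replace("\\\n", " ")  # join continuation lines
    return {a.strip(): blocks_trace(b.splitlines()) for a, b in
            re.findall(r"(?is)<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf_text)}

if __name__ == "__main__":
    for addr, ok in audit(SAMPLE_CONF).items():
        print(f"{addr:20} {'TRACE refused' if ok else 'no TRACE rule'}")
```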
