Thank you. I do see the 200 OK response. OPTIONS / HTTP/1.0
HTTP/1.1 200 OK Date: Fri, 12 Feb 2016 06:35:33 GMT Server: Apache Allow: GET,HEAD,POST,OPTIONS Cache-Control: max-age=0, no-cache, no-store, must-revalidate Pragma: no-cache Expires: Wed, 11 Jan 1984 05:00:00 GMT Content-Length: 0 Connection: close Content-Type: text/html Connection closed by foreign host. How do I go about fixing this again? I'd like the fix to be server wide, so I'd want to put this in my httpd.conf file? RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule .* - [R=405,L] RewriteRule ^[^/] - [R=403,L] I'm currently redirecting all http traffic to the https version of my site using this in .htaccess files: RewriteEngine on RewriteCond %{HTTPS} off RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R] I'd like to add that to make it server wide as well I think. Just gotta figure out where to put it in the httpd.conf file (or the vhosts .conf files). I use cPanel / WHM and EasyApache so it makes things much harder to figure out. On Fri, Feb 12, 2016 at 12:33 AM, Toomas Aas <toomas....@reach-u.com> wrote: > > On 02/12/2016 03:38 AM, Spork Schivago wrote: > > Sorry to put in here, but is there away for me to test to see if my >> server is affected by this OPTIONS issue? >> > > > Testing is easy. Just telnet to port 80 of your server, type "OPTIONS / > HTTP/1.0" and press Enter twice. > > $ telnet www.yoursite.com 80 > Trying 12.34.56.78... > Connected to www.yoursite.com. > Escape character is '^]'. > OPTIONS / HTTP/1.0 > > HTTP/1.0 200 OK > Allow: OPTIONS, GET, HEAD, POST > Content-Length: 0 > Connection: close > Date: Fri, 12 Feb 2016 05:29:26 GMT > Server: Apache > > If you see the "200 OK" response, you are affected > > -- > Toomas Aas | support engineer > www.reach-u.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >