Thank you. I do see the 200 OK response.
OPTIONS / HTTP/1.0
HTTP/1.1 200 OK
Date: Fri, 12 Feb 2016 06:35:33 GMT
Server: Apache
Allow: GET,HEAD,POST,OPTIONS
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Content-Length: 0
Connection: close
Content-Type: text/html
Connection closed by foreign host.
How do I go about fixing this again? I'd like the fix to be server wide,
so I'd want to put this in my httpd.conf file?
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule .* - [R=405,L]
RewriteRule ^[^/] - [R=403,L]
I'm currently redirecting all http traffic to the https version of my site
using this in .htaccess files:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R]
I'd like to add that to make it server wide as well I think. Just gotta
figure out where to put it in the httpd.conf file (or the vhosts .conf
files). I use cPanel / WHM and EasyApache so it makes things much harder
to figure out.
On Fri, Feb 12, 2016 at 12:33 AM, Toomas Aas <toomas....@reach-u.com> wrote:
>
> On 02/12/2016 03:38 AM, Spork Schivago wrote:
>
> Sorry to put in here, but is there away for me to test to see if my
>> server is affected by this OPTIONS issue?
>>
>
>
> Testing is easy. Just telnet to port 80 of your server, type "OPTIONS /
> HTTP/1.0" and press Enter twice.
>
> $ telnet www.yoursite.com 80
> Trying 12.34.56.78...
> Connected to www.yoursite.com.
> Escape character is '^]'.
> OPTIONS / HTTP/1.0
>
> HTTP/1.0 200 OK
> Allow: OPTIONS, GET, HEAD, POST
> Content-Length: 0
> Connection: close
> Date: Fri, 12 Feb 2016 05:29:26 GMT
> Server: Apache
>
> If you see the "200 OK" response, you are affected
>
> --
> Toomas Aas | support engineer
> www.reach-u.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
