Home > Operation and Maintenance > Linux Operation and Maintenance > How to shut down Linux server after TRACE Method is enabled

How to shut down Linux server after TRACE Method is enabled

黄舟
Release: 2017-05-31 11:36:34
Original
3126 people have browsed it

Problem Description


ECS Linux How to turn off TRACE_Method in the system.

Problem Analysis


The dangers of turning on TRACE_Method

  • Malicious attackers can learn about it through the information returned by TRACE Method To some information on the front end of the website, such as cachingserver, etc., thus facilitating the next attack.


  • Malicious attackers can conduct XSS attacks through the TRACE Method.


  • Even if the website enables the HttpOnly header tag for key pages and prohibits scripts from reading cookie information , then a malicious attacker can still bypass this restriction and read the cookie information through TRACE Method.

Solution


The method of turning off TRACE_Method is as follows (it is recommended to Configuration file before modification Backup):

  1. Find the server configuration file /etc/httpd/conf/httpd.conf (the location of the server configuration file depends on the environment). Add to the last line of the file: TraceEnable off

If you are using Apache:
Confirm that the rewrite module is activated (httpd.conf, there is no # in front of the following line):

LoadModule rewrite_module modules/mod_rewrite.so
Copy after login

Add the following statements in the configuration file of each virtual host:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
Copy after login

Note: You can search VirtualHost in httpd.conf to determine the configuration of the virtual host document.

3. After adding, restart the Web service.

If the problem cannot be solved, you can go to the Alibaba Cloud community for free consultation, or contact the cloud market merchant for help.

The above is the detailed content of How to shut down Linux server after TRACE Method is enabled. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template