Jeremiah Grossman wrote:
>
> WhiteHat Security has released a new white paper discussing a new class
> of web-app-sec attack (XST) which potentially affects all web servers
> supporting TRACE.
thanks for the interesting findings.
Respectfully- the apache solution proposed by RFP in the "Server Specific
Recommendation" might alternatively be crafted as:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} !^(GET|POST)$
RewriteRule .* - [F]
>
> WhiteHat Security has released a new white paper discussing a new class
> of web-app-sec attack (XST) which potentially affects all web servers
> supporting TRACE.
thanks for the interesting findings.
Respectfully- the apache solution proposed by RFP in the "Server Specific
Recommendation" might alternatively be crafted as:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} !^(GET|POST)$
RewriteRule .* - [F]
[ reply ]