diff options
| author |   Benedikt Boehm <hollow@gentoo.org> | 2008-10-25 14:37:28 +0000 |
|---|---|---|
| committer | Benedikt Boehm <hollow@gentoo.org> | 2008-10-25 14:37:28 +0000 |
| commit | a8f943c66316ece446a5fd0b4f3ffd95237368ed (patch) | |
| tree | dc6ce05cc4aa3db0190ffe0aafa824ac80f822e8 /2.2/conf | |
| parent | fix #233150 (diff) | |
| download | apache-a8f943c66316ece446a5fd0b4f3ffd95237368ed.tar.gz apache-a8f943c66316ece446a5fd0b4f3ffd95237368ed.tar.bz2 apache-a8f943c66316ece446a5fd0b4f3ffd95237368ed.zip | |
fix #240680
Diffstat (limited to '2.2/conf')
| -rw-r--r-- | 2.2/conf/modules.d/00_default_settings.conf | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/2.2/conf/modules.d/00_default_settings.conf b/2.2/conf/modules.d/00_default_settings.conf index e60c7a1..5dc223b 100644 --- a/2.2/conf/modules.d/00_default_settings.conf +++ b/2.2/conf/modules.d/00_default_settings.conf @@ -37,6 +37,15 @@ AccessFileName .htaccess # where Full conveys the most information, and Prod the least. ServerTokens Prod +# TraceEnable +# This directive overrides the behavior of TRACE for both the core server and +# mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616, +# which disallows any request body to accompany the request. TraceEnable off +# causes the core server and mod_proxy to return a 405 (Method not allowed) +# error to the client. +# For security reasons this is turned off by default. (bug #240680) +TraceEnable off + # Optionally add a line containing the server version and virtual host # name to server-generated pages (internal error documents, FTP directory # listings, mod_status and mod_info output etc., but not CGI generated |