
[Apache] Blocking Unnecessary Methods 1

9D4U 2020. 7. 28. 10:47

[Blocking TRACE]

Add the following setting to the httpd.conf file

 

TraceEnable Off

 

 

[Allow only the HEAD, GET, and POST methods]

 

<Location "/">
   AllowMethods GET POST
</Location>

 

※ The Apache server treats HEAD and GET as equivalent, so allowing GET also allows HEAD

(The HTTP-methods are case sensitive and are generally, as per RFC, given in upper case. The GET and HEAD methods are treated as equivalent.)

※ mod_allowmethods cannot deny the TRACE method (-> the TraceEnable setting is required)

 

Reference: https://httpd.apache.org/docs/2.4/mod/mod_allowmethods.html

 


Test:

curl -v -X PUT http://localhost
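
To check every method rather than PUT alone, the script below probes each one and compares the status code with the policy configured above (GET, HEAD and POST allowed; everything else, including TRACE, answered with 405). It is an added example, not part of the original post; the CHECK_URL variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the method policy from this post against a server.
# Usage (CHECK_URL is a name chosen for this example):
#   CHECK_URL=http://localhost sh check_methods.sh

ALLOWED="GET HEAD POST"                               # policy from the post
PROBED="GET HEAD POST PUT DELETE OPTIONS PATCH TRACE" # methods to test

# is_allowed METHOD -> exit status 0 if the policy permits METHOD
is_allowed() {
    case " $ALLOWED " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# verdict METHOD STATUS -> prints PASS or FAIL.
# Apache answers 405 for a method refused by AllowMethods or TraceEnable Off.
# 000 is what curl reports when it received no HTTP response at all.
verdict() {
    if is_allowed "$1"; then
        case "$2" in
            405|000) echo FAIL ;;   # allowed method was refused or unanswered
            *) echo PASS ;;
        esac
    elif [ "$2" = "405" ]; then
        echo PASS                   # refused method was correctly rejected
    else
        echo FAIL                   # refused method reached a handler
    fi
}

# probe METHOD URL -> prints the HTTP status code.
# HEAD uses -I because "-X HEAD" makes curl wait for a body that never comes.
probe() {
    if [ "$1" = "HEAD" ]; then
        curl -s -o /dev/null -w '%{http_code}' --max-time 5 -I "$2"
    else
        curl -s -o /dev/null -w '%{http_code}' --max-time 5 -X "$1" "$2"
    fi
}

# check_all URL -> one result line per method; non-zero exit on any FAIL
check_all() {
    rc=0
    for m in $PROBED; do
        status=$(probe "$m" "$1") || status=000
        result=$(verdict "$m" "$status")
        printf '%-8s %s %s\n' "$m" "$status" "$result"
        [ "$result" = PASS ] || rc=1
    done
    return $rc
}

if [ -n "${CHECK_URL:-}" ]; then check_all "$CHECK_URL"; fi
```
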

 
