[아파치]불 필요한 메서드 차단1
[TRACE 차단]
httpd.conf 파일에 설정 추가
TraceEnable Off
[HEAD, GET, POST METHOD 만 허용]
<Location "/">
AllowsMethods GET POST
</Location>
※ 아파치 서버는 HEAD와 GET을 동일하게 간주함
(The HTTP-methods are case sensitive and are generally, as per RFC, given in upper case. The GET and HEAD methods are treated as equivalent.)
※ mod_allowmethods는 TRACE 메소드에 대해 거부 X(-> TraceEnable 설정 필요)
참조 : https://httpd.apache.org/docs/2.4/mod/mod_allowmethods.html
mod_allowmethods - Apache HTTP Server Version 2.4
Apache Module mod_allowmethods Summary This module makes it easy to restrict what HTTP methods can be used on a server. The most common configuration would be: AllowMethods GET POST OPTIONS The HTTP-methods are case sensitive and are generally, as per RFC,
httpd.apache.org
테스트 :
curl -v -X PUT http://localhost