Pivotal Knowledge Base


How to disable HTTP_TRACE for Apache httpd/Pivotal Web Server and How to test HTTP_TRACE

[Preliminary] How to disable HTTP_TRACE for Pivotal Web Server (PWS) / How to test HTTP_TRACE (2016995_draft)
 
 
TRACE is enabled by default for Pivotal Web Server (PWS).
 

Resolution

The TraceEnable directive can be used to disable the TRACE method:
 
In conf/httpd.conf, add the line:
 
       TraceEnable Off
 
  
 

Validation

1. Using the telnet application, open a connection to your web server:
 
telnet <server-name-or-IP> <port_number> 
 
2. Once connected, type the following:
 
    TRACE / HTTP/1.1
    Host: <server-name-or-IP>
    Line1: This is a test line
    Line2: This is another test line
 
Press the ENTER key twice.
 

3. Output for "TraceEnable On"
 
    HTTP/1.1 200 OK
    Date: Thu, 28 Aug 2014 19:53:45 GMT
    Server: Apache/2.2.25 (Unix)
    Transfer-Encoding: chunked
    Content-Type: message/http

    5f 
    TRACE / HTTP/1.1
    Host: web01
    Line1: This is a test line
    Line2: This is another test line


    0
 
 
4. Output for "TraceEnable Off"
 
    HTTP/1.1 405 Method Not Allowed
    Date: Thu, 28 Aug 2014 19:45:49 GMT
    Server: Apache/2.2.25 (Unix)
    Allow:
    Content-Length: 223
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>405 Method Not Allowed</title>
    </head><body>
    <h1>Method Not Allowed</h1>
    <p>The requested method TRACE is not allowed for the URL /.</p>
    </body></html>
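
The telnet check above can be scripted so it runs after every configuration change. The following is an added example, not part of the original article or of any Pivotal tooling: the function names, the marker header value and the sample replies are constructed, and it assumes plain HTTP without TLS.

```python
import socket
import sys
import uuid

# Constructed sample replies, modelled on the two outputs shown above.
SAMPLE_ON = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n"
             b"Content-Type: message/http\r\n\r\n"
             b"31\r\nTRACE / HTTP/1.1\r\nHost: web01\r\n"
             b"Line1: probe-1\r\n\r\n\r\n0\r\n\r\n")
SAMPLE_OFF = b"HTTP/1.1 405 Method Not Allowed\r\nAllow:\r\nContent-Length: 0\r\n\r\n"


def classify_trace_response(raw: bytes, marker: str) -> str:
    """Return 'enabled', 'disabled' or 'inconclusive' for a raw HTTP reply."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.decode("iso-8859-1").split("\r\n")[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "inconclusive"
    status = int(parts[1])
    # TRACE is on only if the server reflects our request, marker included.
    if status == 200 and marker.encode("ascii") in body:
        return "enabled"
    # "TraceEnable Off" gives 405 as shown above; treating 403 and 501 as
    # refusals too is an assumption (proxies, servers without TRACE support).
    if status in (403, 405, 501):
        return "disabled"
    # A 200 without the echo may come from an application that answers any method.
    return "inconclusive"


def check_trace(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send the same TRACE request as the telnet steps and classify the reply."""
    marker = "trace-check-" + uuid.uuid4().hex  # unique per run
    request = (f"TRACE / HTTP/1.1\r\nHost: {host}\r\nLine1: {marker}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(request)
        chunks = []
        while data := conn.recv(4096):
            chunks.append(data)
    return classify_trace_response(b"".join(chunks), marker)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: script.py <server-name-or-IP> [port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
        print(check_trace(sys.argv[1], port))
    else:
        print(classify_trace_response(SAMPLE_ON, "probe-1"),
              classify_trace_response(SAMPLE_OFF, "probe-1"))
```

Matching on a per-run marker rather than on the status code alone avoids reporting TRACE as enabled when an application simply returns 200 for every method.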
 
 
 
©Pivotal 2014
