Disable TRACE method for Apache 2.4

Avoiding possible XST attack vector Change-Id: I3f4d29c71811a3d6240cfa8b9242039c27a6cad7 Closes-Bug: #1533209
2016-01-18 17:30:48 +02:00 · 2016-01-18 17:30:48 +02:00 · 479e228cb0
commit 479e228cb0
parent 7c0d1977ca
1 changed files with 3 additions and 0 deletions
--- a/deployment/puppet/cobbler/templates/httpd_2.4.conf.erb
+++ b/deployment/puppet/cobbler/templates/httpd_2.4.conf.erb
@ -347,6 +347,9 @@ AddDefaultCharset UTF-8
 #EnableMMAP off
 EnableSendfile on

+# Disable TRACE method
+TraceEnable off
+
 # Supplemental configuration
 #
 # Load config files in the "/etc/httpd/conf.d" directory, if any.