From 479e228cb0618a0cca1c0301d80587361c03a218 Mon Sep 17 00:00:00 2001
From: Kyrylo Galanov <kgalanov@mirantis.com>
Date: Mon, 18 Jan 2016 17:30:48 +0200
Subject: [PATCH] Disable TRACE method for Apache 2.4

Avoiding possible XST attack vector

Change-Id: I3f4d29c71811a3d6240cfa8b9242039c27a6cad7
Closes-Bug: #1533209
---
 deployment/puppet/cobbler/templates/httpd_2.4.conf.erb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/deployment/puppet/cobbler/templates/httpd_2.4.conf.erb b/deployment/puppet/cobbler/templates/httpd_2.4.conf.erb
index 1580af6b95..ce092e6481 100644
--- a/deployment/puppet/cobbler/templates/httpd_2.4.conf.erb
+++ b/deployment/puppet/cobbler/templates/httpd_2.4.conf.erb
@@ -347,6 +347,9 @@ AddDefaultCharset UTF-8
 #EnableMMAP off
 EnableSendfile on
 
+# Disable TRACE method
+TraceEnable off
+
 # Supplemental configuration
 #
 # Load config files in the "/etc/httpd/conf.d" directory, if any.