current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Sign up ×
Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. It's 100% free, no registration required.
up vote 0 down vote favorite

An nmap scan gaved this: 

443/tcp  open     ssl/http Apache httpd
| http-methods: GET HEAD OPTIONS TRACE
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html

so I tried to: 

# DISABLE TRACE
vi /var/www/conf/httpd.conf
TraceEnable off

Q: But it gaved syntax error. How can I securely disable Trace HTTP METHOD on OpenBSD 5.3?

p.s.: Why is an insecure option enabled in a secure OS?

share|improve this question
3  
Regarding that “insecure option”, the httpd documentation says “Despite claims to the contrary, TRACE is not a security vulnerability and there is no viable reason for it to be disabled.” – manatwork Sep 11 '13 at 9:14
    
Show us where exactly you inserted that directive and paste the exact error message. – manatwork Sep 11 '13 at 9:16

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.