[KLUG Members] Apache 2.0.46

Manish Chacko members@kalamazoolinux.org
Fri, 20 Jun 2003 12:13:57 -0400


Hi All,
I'm running a RH8 server to scan my Windows machines. I use Nessus, which is a remote security scanner. I have a Windows 2000 server running Apache 2.0.46. Nessus showed the following vulnerability:
Results|141.218.xxx|141.218.xxx.xx|ppp (3000/tcp)|11213|Security Warning| Your webserver supports the TRACE and/or TRACK methods. It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for'Cross-Site-Tracing', when used in conjunction with various weaknesses in browsers.An attacker may use this flaw to trick your\nlegitimate web users to give him their credentials.
Solution: Disable these methods.

If you are using Apache, add the following lines for each virtual\nhost in your configuration file :
   RewriteEngine on
   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
   RewriteRule .* - [F]
Question: I'm not using virtual hosts, where do I insert these 3 lines mentioned (in the httpd.conf file)?
Hope this is not too off topic!
Thanx.

---
Manish Chacko
Network/Systems Administrator,
BIS Dept, H.C.O.B,
Western Michigan University,
Kalamazoo, MI.



--------- Original Message ---------

DATE: 20 Jun 2003 11:44:33 -040
From: Bruce Smith <bruce@armintl.com>
To: KLUG <members@kalamazoolinux.org>
Cc: 

>> 1. Does iptables support statefull filtering? 
>
>Yes.
>
>> I don't want to open 1024:65535 for FTP.
>
>Neither do I, and I don't.
>
>> 2. Does iptables support port redirection/nat?
>
>Yes.
>
>> I have one address from my ISP. It's bound to my RH9 box. 
>> I want to redirect ports(80,25,5900) to other server on the lan (192.168.0.x).
>
>No problem.
>
>--------------------------------------------
>Bruce Smith                bruce@armintl.com
>System Administrator / Network Administrator
>Armstrong International, Inc.
>Three Rivers, Michigan  49093  USA
>http://www.armstrong-intl.com/
>--------------------------------------------


