htaccess を介して trace および track メソッドを無効にしたいと考えています。
私のhtaccessに次のスニペットを使用します:
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
私は次の答えを得る
url -v -X TRACK obscuredurl* Adding handle: conn: 0x7f8c43004400
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f8c43004400) send_pipe: 1, recv_pipe: 0
* About to connect() to obscuredurl port 80 (#0)
* Trying xx.xx.xxx.xx...
* Connected to obscuredurl (xx.xx.xxx.xx) port 80 (#0)
> TRACK / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: obscuredurl
> Accept: */*
>
< HTTP/1.1 405 Method Not Allowed
< Date: Tue, 14 Jan 2014 09:53:45 GMT
* Server Apache is not blacklisted
< Server: Apache
< Allow: TRACE
< Content-Length: 296
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method TRACK is not allowed for the URL /.</p>
<hr>
<address>Apache Server at obscuredurl Port 80</address>
</body></html>
* Closing connection 0
と
curl -v -X TRACE obscuredurl
* Adding handle: conn: 0x7ff339004400
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7ff339004400) send_pipe: 1, recv_pipe: 0
* About to connect() to obscuredurl port 80 (#0)
* Trying xx.xx.xxx.xx...
* Connected to obscuredurl (xx.xx.xxx.xx) port 80 (#0)
> TRACE / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: obscuredurl
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 14 Jan 2014 09:55:15 GMT
* Server Apache is not blacklisted
< Server: Apache
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: message/http
<
TRACE / HTTP/1.1
User-Agent: curl/7.30.0
Host: obscuredurl
Accept: */*
* Closing connection 0
したがって、TRACK では機能するようですが、trace では機能しないようです。2 つの別々の条件のいずれかが機能します。
どうすればデバッグできますか?
ありがとう