Thursday, June 05, 2014

http: testing track / trace

been disabling track / trace on my web servers for security purposes without knowing how to check if it is really disabled. now i found a procedure to verify if track / trace is disabled.

# telnet <ip> 80

you can use other ports. i use the usual port 80 for http

then enter the ff:

TRACK / HTTP/1.0
Host: <ip>
TestA: H
TestB: W

and / or:

TRACE / HTTP/1.0
Host: <ip>
TestA: H
TestB: W

then press enter until an output is displayed.

if track / trace is enabled, you'll see the server info.

(src. http://www.techstacks.com/howto/disable-tracetrack-in-apache-httpd.html)
at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

SSH : No matching host key type found. Their offer: ssh-rsa,ssh-dss

Got this while connecting to my mikrotik router via ssh   Unable to negotiate with <ip address> port <ssh port>: no matching hos...