2011-04-08

Disabling TRACE and TRACK methods

After reading a blog post about how to disable TRACE and TRACK for compliance, I've taken an extra step - limit HTTP requests to only "the big three":
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST)
        RewriteRule .* - [F]
It's possible you might want to add "OPTIONS" to that list or "DELETE|PUT" to be RESTful, but as with most implementations, YMMV.
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Ratings and Recommendations by outbrain