Scalix Forums

Skip to content

http trace vulnerability?

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

Post Reply
FNB
Posts: 27
Joined: Mon Jul 17, 2006 2:21 pm

http trace vulnerability?

Postby FNB » Mon Oct 30, 2006 2:59 pm

We're running Scalix 10 on RHEL 4. A recent security scan of the box showed that http trace is enabled http://xforce.iss.net/xforce/xfdb/11149.

Are we going to cause any problems with Scalix by disabling it? If not, how do you recommend disabling it?
Top
ScalixSupport
Scalix
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Mon Oct 30, 2006 9:28 pm

According to the link you posted:

As a workaround, disable HTTP TRACE support on your Web server. HTTP TRACE support can be disabled on Apache HTTP Server using the mod_rewrite module and on Microsoft Internet Information Services (IIS) using the URLScan tool.


The mod_rewrite module is installed and loaded by default on all my apache servers with no ill effect.

Regards,
Don
Top
Post Reply

Return to “Scalix Server”



Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB® Forum Software © phpBB Limited
 

 

cron