Bug#543577: marked as done (apache2: `TraceEnable off` does not disable HTTP TRACE method.)

2009-08-29 Thread Debian Bug Tracking System
Your message dated Sat, 29 Aug 2009 11:28:10 +0200 with message-id <87d46fdl5h@qurzaw.linpro.no> and subject line Re: Bug#543577: has caused the Debian Bug report #543577, regarding apache2: `TraceEnable off` does not disable HTTP TRACE method. to be marked as done. This means that you

Bug#543577:

2009-08-27 Thread Anthony L. Mendez
>Look into >/etc/apache2/conf.d/security >Maybe there is another 'TraceEnable on' there? This was exactly what I was needing. Sorry for any time wasted on this. The bug can be closed. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble?

Bug#543577:

2009-08-27 Thread Stefan Fritsch
On Thursday 27 August 2009, Anthony L. Mendez wrote: > I installed Lenny on a spare computer last night and only installed > the standard packages from the tasksel dialog. From there I > installed apache and added `TraceEnable off` to > /etc/apache2/apache2.conf. I then telnet'd to myself and teste

Bug#543577:

2009-08-27 Thread Anthony L. Mendez
I installed Lenny on a spare computer last night and only installed the standard packages from the tasksel dialog. From there I installed apache and added `TraceEnable off` to /etc/apache2/apache2.conf. I then telnet'd to myself and tested the HTTP Trace method. Again, `TraceEnable off` did nothing

Bug#543577:

2009-08-26 Thread Anthony L. Mendez
* Florian Weimer: >Is the TRACE response created by Webwork, perhaps? How would I be able to tell if WeBWork is responding rather than just apache? Doesn't apache handle these sort of things? I browsed through all of the configuration files for WeBWork and was unable to find anything relate

Bug#543577: apache2: `TraceEnable off` does not disable HTTP TRACE method.

2009-08-25 Thread Florian Weimer
* Anthony Mendez: > I also tried enabling mod_rewrite and using that method to disable > HTTP Trace and that did not work either. The only software we are > running on this server is WeBWork, an online math homework > system. More information about WeBWork is avaliable at > "http://webwork.math.ro

Bug#543577:

2009-08-25 Thread Anthony L. Mendez
A minor correcion. Using mod_rewrite to disable HTTP Trace still works but `TraceEnable off` defiantly does not work.

Bug#543577: apache2: `TraceEnable off` does not disable HTTP TRACE method.

2009-08-25 Thread Anthony Mendez
Package: apache2.2-common Version: 2.2.9-10+lenny4 Severity: grave Tags: security Justification: user security hole Adding `TraceEnable Off` to /etc/apache2/apache2.conf doest not disbable HTTP TRACE on the server. I also tried enabling mod_rewrite and using that method to disable HTTP Trace and