Nuke Cops :: View topic - cross site tracing http Trace

sixonetonoffun
Major
Joined: Jan 13, 2003
Posts: 892

Posted: Mon Feb 24, 2003 8:09 am

Simple fix for eliminating the potential exploit of Trace protocol on Apache with mod_rewrite.
htaccess
Code:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]


Source information http://lwn.net/Articles/20975/

_________________
www.netflake.com
www.glowoptics.com
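
As an added example (not part of the original post): a small Python check that confirms whether the rewrite rule above took effect, by sending a TRACE request carrying a random marker header and testing whether the server echoes it back. `StubHandler` and `start_stub` are constructed local stand-ins so the check runs offline; `trace_echoes` and the `X-Trace-Check` header name are hypothetical names chosen for this example.

```python
import http.client
import threading
import uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

def trace_echoes(host, port, path="/", timeout=5):
    """Return True if the server reflects a TRACE request back to the client."""
    marker = uuid.uuid4().hex  # random value we expect to see echoed
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", path, headers={"X-Trace-Check": marker})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1")
    finally:
        conn.close()
    # A request refused with 403 (the [F] flag) or 405 never echoes the marker.
    return resp.status == 200 and marker in body

class StubHandler(BaseHTTPRequestHandler):
    """Constructed local stand-in for a web server (not Apache itself)."""
    block_trace = False

    def do_TRACE(self):
        if self.block_trace:  # mimics RewriteRule .* - [F]
            self.send_error(403)
            return
        echo = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)

    def log_message(self, *args):  # silence per-request logging
        pass

def start_stub(block_trace):
    """Start a stub on a free localhost port; returns (server, port)."""
    handler = type("Handler", (StubHandler,), {"block_trace": block_trace})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

if __name__ == "__main__":
    for blocked in (False, True):
        srv, port = start_stub(blocked)
        print("rule active:", blocked, "TRACE echoed:", trace_echoes("127.0.0.1", port))
        srv.shutdown()
```

To check a real deployment, call `trace_echoes` with the host and port of a server you administer, once before and once after adding the rule.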

publicx2001
Premium
Joined: Feb 11, 2003
Posts: 172
Location: USA

Posted: Mon Feb 24, 2003 11:28 am

Just put the last line at the end of the rewrite or add this to it?

sixonetonoffun
Major
Joined: Jan 13, 2003
Posts: 892

Posted: Mon Feb 24, 2003 11:52 am

I don't think it makes much difference where it's put so long as these 2 lines are after RewriteEngine On:
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

_________________
www.netflake.com
www.glowoptics.com

publicx2001
Premium
Joined: Feb 11, 2003
Posts: 172
Location: USA

Posted: Sun Mar 09, 2003 8:18 am

Is there any addition for the XSS exploit?

Zhen-Xjell
Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939

Posted: Sun Mar 09, 2003 8:41 am

Any addition?

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]

publicx2001
Premium
Joined: Feb 11, 2003
Posts: 172
Location: USA

Posted: Sun Mar 09, 2003 9:31 am

Yes, an addition to the mod_rewrite rules to take care of XSS exploits.

In addition to the trace one as mentioned above.

Zhen-Xjell
Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939

Posted: Sun Mar 09, 2003 12:40 pm

There are more that can be added for other XSS exploits, but you need to have certain Apache mods installed like mod_security.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]