Disable TRACK / TRACE in Apache

Time: 2015-06-08 11:14:54

Tags: apache ssl nginx

I have a question about the TRACK / TRACE HTTP methods. I disabled TRACE in httpd.conf with TraceEnable Off. When I try to test whether it is really disabled, this is what I get:

< HTTP/1.1 405 Method Not Allowed

However, the full code is still returned. Is this normal? When I tested the TRACE method against Google's site, I got an HTML page containing 405 Method Not Allowed.

I run 2 sites on this server, Apache with Nginx as a reverse proxy. One uses SSL and the other does not.

The non-SSL one returns 405 Method Not Allowed in both the response headers and the HTML body.

The SSL one returns 405 in the response headers, but with the full HTML code (the home page).

Any help would be greatly appreciated.

Thanks!

Edit: response from the non-SSL site

* Connected to example.com (xx.xx.xx.xx) port 80 (#0)
> TRACE / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: example.com
> Accept: */*
> 
< HTTP/1.1 405 Not Allowed
* Server nginx admin is not blacklisted
< Server: nginx admin
< Date: Mon, 08 Jun 2015 11:26:45 GMT
< Content-Type: text/html
< Content-Length: 166
< Connection: close
< 
<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Closing connection 0

Response from the SSL site:

* Connected to www.example.com (xx.xx.xx.xx) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*    subject: OU=GT45927005; OU=See www.rapidssl.com/resources/cps (c)15; OU=Domain Control Validated - RapidSSL(R); CN=www.smartnation.ro
*    start date: 2015-05-03 09:14:54 GMT
*    expire date: 2016-05-05 19:37:10 GMT
*    issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA - G3
*    SSL certificate verify ok.
> TRACE / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: www.example.com
> Accept: */*
> 
< HTTP/1.1 405 Method Not Allowed
< Date: Mon, 08 Jun 2015 11:30:55 GMT
* Server Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 is not blacklisted
< Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< X-Pingback: https://www.example.com/xmlrpc.php
< Set-Cookie: PHPSESSID=6b7fbfb366741438c07a9041452ea469; path=/
< Set-Cookie: _pmxi_session=%7C%7C%7C%7C; path=/
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=UTF-8
< 
<!DOCTYPE html>
<!--[if lt IE 7 ]><html class="ie ie6" lang="en"> <![endif]-->
<!--[if IE 7 ]><html class="ie ie7" lang="en"> <![endif]-->
<!--[if IE 8 ]><html class="ie ie8" lang="en"> <![endif]-->
<!--[if (gte IE 9)|!(IE)]><!--><html lang="en"> <!--<![endif]-->
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=no" />
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta http-equiv="content-language" content="en" />
etc...

Edit 2: config files (httpd.conf and nginx)

Listen 0.0.0.0:8081
Listen [::]:8081
Listen 0.0.0.0:443
Listen [::]:443
<VirtualHost xx.xx.xx.xx:8081>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /home/account/public_html
    ServerAdmin webmaster@example.com
    UseCanonicalName Off
    #CustomLog /usr/local/apache/domlogs/example.com combined
    #CustomLog /usr/local/apache/domlogs/example.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    ## User account # Needed for Cpanel::ApacheConf
    UserDir enabled account
    <IfModule mod_suphp.c>
        suPHP_UserGroup account account
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        <IfModule !mod_ruid2.c>
            SuexecUserGroup account account
        </IfModule>
    </IfModule>
    <IfModule mod_ruid2.c>
        RMode config
        RUidGid account account
    </IfModule>
    <IfModule itk.c>
        # For more information on MPM ITK, please read:
        #   http://mpm-itk.sesse.net/
        AssignUserID account account
    </IfModule>
    ScriptAlias /cgi-bin/ /home/account/public_html/cgi-bin/


    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/std/2/account/example.com/*.conf"

</VirtualHost>
<VirtualHost xx.xx.xx.xx:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /home/account/public_html
    ServerAdmin webmaster@example.com
    UseCanonicalName Off
    #CustomLog /usr/local/apache/domlogs/example.com combined
    #CustomLog /usr/local/apache/domlogs/example.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    ## User natsmart # Needed for Cpanel::ApacheConf
    UserDir enabled account
    <IfModule mod_suphp.c>
        suPHP_UserGroup account account
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        <IfModule !mod_ruid2.c>
            SuexecUserGroup account account
        </IfModule>
    </IfModule>
    <IfModule mod_ruid2.c>
        RMode config
        RUidGid account account
    </IfModule>
    <IfModule itk.c>
        # For more information on MPM ITK, please read:
        #   http://mpm-itk.sesse.net/
        AssignUserID account account
    </IfModule>
    ScriptAlias /cgi-bin/ /home/account/public_html/cgi-bin/
    SSLEngine on

    SSLCertificateFile /var/cpanel/ssl/installed/certs/www_example_com_dfe76_6dcdf_1462477030_fd971317dfc02602ec168052ed2c7119.crt
    SSLCertificateKeyFile /var/cpanel/ssl/installed/keys/dfe76_6dcdf_d9471fcd7e80d319080f6db604599d49.key
    SSLCACertificateFile /var/cpanel/ssl/installed/cabundles/GeoTrust_Inc__6473a1b25f37e0f134912eb5d8d02a9c_1653082772.cabundle
    #CustomLog /usr/local/apache/domlogs/example.com-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "/home/account/public_html/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/ssl/2/account/example.com/*.conf"

</VirtualHost>

Nginx:

server {
    error_log /var/log/nginx/vhost-error_log warn;
    listen xx.xx.xx.xx:80;
    listen [::]:80;
    server_name example.com www.example.com;
    access_log /usr/local/apache/domlogs/example.com-bytes_log bytes_log;
    access_log /usr/local/apache/domlogs/example.com combined;
    root /home/account/public_html;
    #location / {
    location ~*.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
        expires 1M;
        try_files $uri @backend;
    }
    location / {
        error_page 405 = @backend;
        add_header X-Cache "HIT from Backend";
        proxy_pass http://xx.xx.xx.xx:8081;
        include proxy.inc;
        include microcache.inc;
    }
    location @backend {
        internal;
        proxy_pass http://xx.xx.xx.xx:8081;
        include proxy.inc;
        include microcache.inc;
    }
    location ~ .*\.(php|jsp|cgi|pl|py)?$ {
        proxy_pass http://xx.xx.xx.xx:8081;
        include proxy.inc;
        include microcache.inc;
    }
    location ~ /\.ht {
        deny all;
    }
}

1 answer:

Answer 0 (score: 0)

The RFC that specifies TRACK / TRACE behaviour (http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html) does not define the behaviour of an unsuccessful call. What you are running into is this undefined behaviour.

If a call via TRACK / TRACE succeeds, the following holds:

  1. HTTP status code 200
  2. Content-Type message/http

Anything else is treated as a failure. 405 is also treated as a failure (a client-triggered failure, hence the 4xx status code), so as far as the RFC is concerned this is entirely in line with how the request type is defined. So the real question is: what, other than the RFC, were you expecting that differs from what you have? An error response?
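A check that applies the criterion from this answer to the two responses quoted in the question, as an added example that is not part of the original thread. It treats TRACE as enabled only if the status is 200 with Content-Type message/http, or if a canary header it sent comes back in the body (the reflection is the cross-site-tracing exposure, whatever the status line says). The header name X-Trace-Canary, the probe User-Agent and the three sample responses are assumptions made for this example: the first two samples are trimmed from the responses posted above (the second with its chunked framing removed and the page body shortened), the third is a constructed enabled response.

```python
"""Decide whether a TRACE probe shows the method as enabled.

Added example, not code from the original post.  Per the answer above, a
successful TRACE returns 200 with Content-Type message/http and echoes
the request back as the body; anything else is a refusal, whatever the
body looks like.  So the check keys on status, Content-Type and whether
a canary header we sent is reflected, not on the body being an error
page.  The header name and the sample responses are constructed here.
"""
import re
import socket
import ssl
import uuid

CANARY_HEADER = "X-Trace-Canary"  # hypothetical header name, chosen for this example


def build_probe(host: str, canary: str) -> bytes:
    """Build a minimal TRACE request that carries a unique canary header."""
    return (
        f"TRACE / HTTP/1.1\r\nHost: {host}\r\nUser-Agent: trace-probe/1.0\r\n"
        f"{CANARY_HEADER}: {canary}\r\nConnection: close\r\n\r\n"
    ).encode("ascii")


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    match = re.match(r"HTTP/1\.[01] (\d{3})", lines[0])
    if not match:
        raise ValueError(f"not an HTTP/1.x response: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(match.group(1)), headers, body


def classify(raw: bytes, canary: str) -> dict:
    """Return status, media type, whether our canary came back, and a verdict."""
    status, headers, body = parse_response(raw)
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    reflected = canary.encode("ascii") in body
    # A reflected canary alone is enough to call it enabled: that is the
    # cross-site-tracing exposure, regardless of how the server framed it.
    enabled = (status == 200 and media_type == "message/http") or reflected
    return {"status": status, "content_type": media_type,
            "reflected": reflected, "verdict": "ENABLED" if enabled else "DISABLED"}


def probe(host: str, port: int = 80, use_tls: bool = False) -> dict:
    """Send the probe over the network; not exercised by the offline samples."""
    canary = uuid.uuid4().hex
    sock = socket.create_connection((host, port), timeout=10)
    if use_tls:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_probe(host, canary))
        chunks = []
        while data := sock.recv(65536):
            chunks.append(data)
    return classify(b"".join(chunks), canary)


# Constructed samples.  The first two are trimmed from the responses quoted
# in the question (second one with its chunked framing removed and the page
# body shortened); the third shows what an enabled TRACE looks like.
SAMPLE_CANARY = "c0ffee1234"

NGINX_405 = (
    b"HTTP/1.1 405 Not Allowed\r\nServer: nginx admin\r\n"
    b"Content-Type: text/html\r\nConnection: close\r\n\r\n"
    b"<html>\r\n<head><title>405 Not Allowed</title></head>\r\n"
    b"<body bgcolor=\"white\">\r\n<center><h1>405 Not Allowed</h1></center>\r\n"
    b"<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n"
)

APACHE_405_WITH_PAGE = (
    b"HTTP/1.1 405 Method Not Allowed\r\n"
    b"Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips\r\n"
    b"Set-Cookie: PHPSESSID=6b7fbfb366741438c07a9041452ea469; path=/\r\n"
    b"Connection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n"
    b"<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n"
    b"<title>home page (shortened)</title>\n</head>\n<body></body>\n</html>\n"
)

TRACE_ENABLED = (
    b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.26 (Unix)\r\n"
    b"Content-Type: message/http\r\nConnection: close\r\n\r\n"
    b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: trace-probe/1.0\r\n"
    b"X-Trace-Canary: c0ffee1234\r\nConnection: close\r\n\r\n"
)

if __name__ == "__main__":
    for name, raw in [("nginx 405", NGINX_405),
                      ("apache 405 + page", APACHE_405_WITH_PAGE),
                      ("trace enabled", TRACE_ENABLED)]:
        print(name, classify(raw, SAMPLE_CANARY))
```

Both 405 responses from the question classify as DISABLED, which is the answer's point: the home-page HTML on the SSL site does not make the request echoed. `probe("www.example.com", 443, use_tls=True)` runs the same check against a live host, using a fresh canary per probe so a cached page can never produce a false match.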