How to disable other methods in Web Server 6?
Friday Jan 16, 2009
If you want or need to disable HTTP methods that you do not use in Web Server 6.1SPx, add the following to the default object in obj.conf. This applies to 6.1 (for 7.0, please see the comments below by Meena):

<Client method=("INDEX"|"OPTIONS"|"DELETE"|"PUT"|"MOVE"|"TRACE"|"MKDIR"|"RMDIR")>
AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501"
</Client>

(NOTE: the <Client method ...> tag must be all on ONE single line, and so must the AuthTrans directive with its parameters. Any wrapping you see in the listings here comes from formatting in tools/browsers.)

For example:
apple:/export/home/iws6.1sp10/https-methods/config> cat obj.conf
# You can edit this file, but comments and formatting changes
# might be lost when the admin server makes changes.
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
<Client method=("INDEX"|"OPTIONS"|"DELETE"|"PUT"|"MOVE"|"TRACE"|"INDEX"|"MKDIR"|"RMDIR")>
AuthTrans fn="set-variable" remove-headers="transfer-encoding"
set-headers="content-length: -1" error="501"
</Client>
....
Then restart the server, and it will work OK.
2. tests:
a. INDEX :
apple:/export/home/iws6.1sp10/https-methods/config> telnet apple 60106
Trying 129.158.175.16...
Connected to apple.
Escape character is '^]'.
INDEX / HTTP/1.1
Host: apple
HTTP/1.1 501 Not Implemented
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 16 Jan 2009 05:56:34 GMT
Content-length: 148
Content-type: text/html
Connection: close
<HTML><HEAD><TITLE>Not Implemented</TITLE></HEAD>
<BODY><H1>Not Implemented</H1>
This server does not implement the requested method.
</BODY></HTML>Connection closed by foreign host.
b. OPTIONS :
apple:/export/home/iws6.1sp10/https-methods/config> telnet apple 60106
Trying 129.158.175.16...
Connected to apple.
Escape character is '^]'.
OPTIONS /banner.html HTTP/1.1
Host: apple
HTTP/1.1 501 Not Implemented
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 16 Jan 2009 05:56:58 GMT
Content-length: 148
Content-type: text/html
Connection: close
<HTML><HEAD><TITLE>Not Implemented</TITLE></HEAD>
<BODY><H1>Not Implemented</H1>
This server does not implement the requested method.
</BODY></HTML>Connection closed by foreign host.
apple:/export/home/iws6.1sp10/https-methods/config>
c. TRACE method:
apple:/export/home/iws6.1sp10/https-methods/config> telnet apple 60106
Trying 129.158.175.16...
Connected to apple.
Escape character is '^]'.
TRACE /index.html HTTP/1.1
Host: apple
X-header: test
HTTP/1.1 501 Not Implemented
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 16 Jan 2009 05:57:32 GMT
Content-length: 148
Content-type: text/html
Connection: close
<HTML><HEAD><TITLE>Not Implemented</TITLE></HEAD>
<BODY><H1>Not Implemented</H1>
This server does not implement the requested method.
</BODY></HTML>Connection closed by foreign host.
apple:/export/home/iws6.1sp10/https-methods/config>
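
The telnet checks above, repeated for all eight methods in the <Client> list, as an added example that is not part of the original post. The script name check_methods.py, the function names, and the choice of GET as the method that must keep working are assumptions; host and port come from the command line.

```python
import socket

# Methods listed in the page's <Client method=...> block.
BLOCKED = ["INDEX", "OPTIONS", "DELETE", "PUT", "MOVE", "TRACE", "MKDIR", "RMDIR"]

def parse_status(raw):
    """Return the integer status code from the first line of a raw response."""
    line = raw.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {line!r}")
    return int(parts[1])

def probe(host, port, method, path="/", timeout=5.0):
    """Send one bare request, like the telnet tests, and return the status code."""
    request = f"{method} {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        data = b""
        while b"\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:  # server closed before sending a full status line
                break
            data += chunk
    return parse_status(data)

def audit(host, port, blocked=BLOCKED, allowed=("GET",), probe_fn=probe):
    """Return (method, status, problem) for every result that is not as intended."""
    findings = []
    for method in blocked:
        status = probe_fn(host, port, method)
        if status != 501:
            findings.append((method, status, "expected 501"))
    for method in allowed:
        status = probe_fn(host, port, method)
        if status == 501:
            findings.append((method, status, "needed method is disabled"))
    return findings

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        results = audit(sys.argv[1], int(sys.argv[2]))
        for method, status, problem in results:
            print(f"{method}: got {status}, {problem}")
        sys.exit(1 if results else 0)
    print("usage: check_methods.py HOST PORT")
```

Run it after every obj.conf change and restart; an empty result with exit status 0 means every listed method returned 501 and GET still works.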
3. Some may prefer to set up an ACL instead, but an attacker who discovers the ACL uid/password can still use the above methods.
So, if the above methods are not needed, it is better to disable them as shown above.
4. You can see a list of methods at
http://www.ietf.org/rfc/rfc2616.txt
e.g. section 9, Method Definitions.

INDEX is used twice.
For Web Server ...
Hi, Meena,
Thanks a lot to point out...