How to disable other methods in web server 6?
Friday Jan 16, 2009
Sometimes you may want or need to disable HTTP methods that you do not need in web server 6.1SPx. To do that in 6.1, add the following to the default object in obj.conf:
<Client method=("INDEX"|"OPTIONS"|"DELETE"|"PUT"|"MOVE"|"TRACE"|"INDEX"|"MKDIR"|"RMDIR")>
AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501"
</Client>
(NOTE: the <Client method ...> tag and the AuthTrans directive must each be on ONE single line. Any wrapping you see is caused by formatting in tools/browsers.)
For example:
apple:/export/home/iws6.1sp10/https-methods/config> cat obj.conf
# You can edit this file, but comments and formatting changes
# might be lost when the admin server makes changes.
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
<Client method=("INDEX"|"OPTIONS"|"DELETE"|"PUT"|"MOVE"|"TRACE"|"INDEX"|"MKDIR"|"RMDIR")>
AuthTrans fn="set-variable" remove-headers="transfer-encoding"
set-headers="content-length: -1" error="501"
</Client>
....
Then restart the server and it will work OK.
2. Tests:
a. INDEX :
apple:/export/home/iws6.1sp10/https-methods/config> telnet apple 60106
Trying 129.158.175.16...
Connected to apple.
Escape character is '^]'.
INDEX / HTTP/1.1
Host: apple

HTTP/1.1 501 Not Implemented
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 16 Jan 2009 05:56:34 GMT
Content-length: 148
Content-type: text/html
Connection: close

<HTML><HEAD><TITLE>Not Implemented</TITLE></HEAD>
<BODY><H1>Not Implemented</H1>
This server does not implement the requested method.
</BODY></HTML>Connection closed by foreign host.
b. OPTIONS :
apple:/export/home/iws6.1sp10/https-methods/config> telnet apple 60106
Trying 129.158.175.16...
Connected to apple.
Escape character is '^]'.
OPTIONS /banner.html HTTP/1.1
Host: apple

HTTP/1.1 501 Not Implemented
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 16 Jan 2009 05:56:58 GMT
Content-length: 148
Content-type: text/html
Connection: close

<HTML><HEAD><TITLE>Not Implemented</TITLE></HEAD>
<BODY><H1>Not Implemented</H1>
This server does not implement the requested method.
</BODY></HTML>Connection closed by foreign host.
apple:/export/home/iws6.1sp10/https-methods/config>
c. TRACE method:
apple:/export/home/iws6.1sp10/https-methods/config> telnet apple 60106
Trying 129.158.175.16...
Connected to apple.
Escape character is '^]'.
TRACE /index.html HTTP/1.1
Host: apple
X-header: test

HTTP/1.1 501 Not Implemented
Server: Sun-ONE-Web-Server/6.1
Date: Fri, 16 Jan 2009 05:57:32 GMT
Content-length: 148
Content-type: text/html
Connection: close

<HTML><HEAD><TITLE>Not Implemented</TITLE></HEAD>
<BODY><H1>Not Implemented</H1>
This server does not implement the requested method.
</BODY></HTML>Connection closed by foreign host.
apple:/export/home/iws6.1sp10/https-methods/config>
3. Some may prefer to set up an ACL instead, but there is still a chance for hackers to use the above methods if they discover the ACL uid/password.
So if the above methods are not needed, it is better to disable them as above.
4. You can see a list of methods in RFC 2616, e.g. section 9, Method Definitions:
http://www.ietf.org/rfc/rfc2616.txt
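The telnet tests in section 2 can be automated so the check is repeatable after every obj.conf change. The script below is an added example, not part of the original post: it sends each method from the <Client method=...> list and reports any that is not answered with 501, and it also flags the case where GET itself gets 501. The function names are made up for this example, and host and port are supplied by the caller.

```python
import http.client
import sys

# Methods taken from the <Client method=(...)> list shown on this page.
BLOCKED = ("INDEX", "OPTIONS", "DELETE", "PUT", "MOVE", "TRACE", "MKDIR", "RMDIR")


def probe(host, port, method, path="/", timeout=5):
    """Send one request with the given method and return the status code."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, path, headers={"Connection": "close"})
        resp = conn.getresponse()
        resp.read()  # drain the body so the socket closes cleanly
        return resp.status
    finally:
        conn.close()


def audit(host, port, methods=BLOCKED, expected=501):
    """Return {method: result} for every check that failed.

    A blocked method fails if it is answered with anything other than
    `expected` (501, matching error="501" in the obj.conf snippet).
    GET fails if it is answered with `expected`, which would mean the
    rule is rejecting normal traffic as well.
    """
    failures = {}
    for method in methods:
        try:
            status = probe(host, port, method)
        except (OSError, http.client.HTTPException) as exc:
            failures[method] = "error: %s" % exc
            continue
        if status != expected:
            failures[method] = status
    try:
        if probe(host, port, "GET") == expected:
            failures["GET"] = expected
    except (OSError, http.client.HTTPException) as exc:
        failures["GET"] = "error: %s" % exc
    return failures


if __name__ == "__main__":
    # Usage: python check_methods.py <host> <port>
    bad = audit(sys.argv[1], int(sys.argv[2]))
    for method, result in sorted(bad.items()):
        print("FAIL %-8s -> %s" % (method, result))
    sys.exit(1 if bad else 0)
```

An empty result means every listed method returned 501 and GET did not.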