Disable HTTP TRACE METHOD Functionality In Oracle IPlanet Webserver

Question

there was a requirement for me in my project which runs over Oracle iPlanet webserver. as per security concern, we had to disable the HTTP TRACE METHOD after digging and googling over I found Solution which is as follows

goto <iplanet-home-dir>/<server-instance-name>/config
you will find some files like obj.conf and <server-instance-name>-obj.conf
ignore obj.conf i also got confuse, when i started googling everyone said that we need to modify in obj.conf but it is wrong way of disabling it. i tried but had no luck.
open <server-instance-name>-obj.conf file you will find content like below

command to test in this cas i am taking curl utility since most of the hacker uses this to download web content data.

curl -i -s -k -X 'TRACE' -L http://mahboob.ali.com:56100
you will see the following output

Mahboob Ali · Answer 1 · 2016-06-01T12:11:16.640

0

this Question itself contains Question and its resolution.

below is the reference of the above Question and Resolution. http://download.oracle.com/sunalerts/1000718.1.html

edited Jun 01 '16 at 12:11

answered May 31 '16 at 19:06

Mahboob Ali

165
8

Disable HTTP TRACE METHOD Functionality In Oracle IPlanet Webserver

1 Answers1