By default, Apache has this feature enabled. If you scan a freshly configured Apache installation with a tool such as Nessus, you will almost always get an "HTTP TRACE / TRACK Methods Allowed" finding.
Leaving this method enabled can be abused for XSS (cross-site tracing) attacks.

If the method is enabled, telnet to port 80 and send "TRACE / HTTP/1.0"; the server responds as follows.
telnet 118.193.133.159 80
Trying 118.193.133.159...
Connected to 118.193.133.159.
Escape character is '^]'.
TRACE / HTTP/1.0
Host: eryige.com
Any text entered here will be echoed back in the response

HTTP/1.1 200 OK
Date: Sat, 11 Nov 1111 11:11:11 GMT
Server: Apache/1.1.1 (Debian) PHP/1.1.1-1 mod_ruby/1.1.1 Ruby/1.1.1(1111-11-11)
Connection: close
Content-Type: message/http

To disable it, add the following directive to the Apache configuration file.
On CentOS, for example, append it to the end of /etc/httpd/conf/httpd.conf:
TraceEnable off

Then restart httpd:
[root@eryige ~]# service httpd restart

Telnet to port 80 again and send "TRACE / HTTP/1.0"; this time the server responds as follows.
telnet 118.193.133.159 80
Trying 118.193.133.159...
Connected to 118.193.133.159.
Escape character is '^]'.
TRACE / HTTP/1.0
Host: eryige.com
testing...  <- press ENTER twice

HTTP/1.1 403 Forbidden
Date: Sat, 11 Nov 1111 11:11:11 GMT
Server: Apache/1.1.1 (Debian) PHP/1.1.1-1 mod_ruby/1.1.1 Ruby/1.1.1(1111-11-11)
Content-Length: 111
Connection: close
Content-Type: text/html; charset=iso-1111-1
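The manual telnet check above is easy to get wrong when you have many hosts to verify after rolling out TraceEnable off. The following script is an added example, not code from the original post: it sends the same "TRACE / HTTP/1.0" request over a raw socket and decides whether TRACE is still answered, treating only a 200 with a message/http body (or an echo of a marker header we send) as "enabled", so a 403 like the one in the second session, or a 405 from other servers, counts as disabled. The host names, the marker header name and the two sample responses are constructed for the example.

```python
"""Check whether an HTTP server still answers the TRACE method.

Added example for the post on TraceEnable off; it is not the post's own code.
The sample responses below are constructed, modelled on the two telnet sessions.
"""
import socket
import sys
from typing import List, Optional, Tuple

# Constructed sample: what an Apache with TRACE enabled returns (request echoed back).
TRACE_ALLOWED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Sat, 11 Nov 1111 11:11:11 GMT\r\n"
    b"Server: Apache\r\n"
    b"Connection: close\r\n"
    b"Content-Type: message/http\r\n"
    b"\r\n"
    b"TRACE / HTTP/1.0\r\n"
    b"Host: example.invalid\r\n"
    b"X-Probe: trace-check\r\n"
)

# Constructed sample: what the same server returns after TraceEnable off.
TRACE_DISABLED_RESPONSE = (
    b"HTTP/1.1 403 Forbidden\r\n"
    b"Date: Sat, 11 Nov 1111 11:11:11 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Length: 111\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
)

MARKER = b"X-Probe: trace-check"  # hypothetical header we expect to see echoed


def build_trace_request(host: str) -> bytes:
    """Build the request the post types into telnet, plus our marker header."""
    return b"TRACE / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n" + MARKER + b"\r\n\r\n"


def split_response(response: bytes) -> Tuple[List[bytes], bytes]:
    """Split a raw response into header lines and body; tolerate bare LF line endings."""
    text = response.replace(b"\r\n", b"\n")
    head, _, body = text.partition(b"\n\n")
    return head.split(b"\n"), body


def parse_status(response: bytes) -> Optional[int]:
    """Return the numeric status code from the status line, or None if it is not HTTP."""
    lines, _ = split_response(response)
    parts = lines[0].strip().split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        return None
    try:
        return int(parts[1])
    except ValueError:
        return None


def header_value(response: bytes, name: str) -> Optional[str]:
    """Case-insensitive lookup of one response header; None if absent."""
    lines, _ = split_response(response)
    wanted = name.lower().encode()
    for line in lines[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == wanted:
            return value.strip().decode("latin-1")
    return None


def trace_enabled(response: bytes) -> bool:
    """TRACE is enabled only if the server answered 200 and echoed the request back."""
    if parse_status(response) != 200:
        return False  # 403 (Apache with TraceEnable off), 405, etc. all mean disabled
    ctype = (header_value(response, "Content-Type") or "").lower()
    _, body = split_response(response)
    return ctype.startswith("message/http") or MARKER in body


def probe_trace(host: str, port: int = 80, timeout: float = 5.0) -> bool:
    """Send the TRACE request to a live server and report whether it was honoured."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_trace_request(host))
        chunks = []
        while True:  # HTTP/1.0 with Connection: close, so read until the server closes
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return trace_enabled(b"".join(chunks))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.invalid"
    print(f"{target}: TRACE {'ENABLED' if probe_trace(target) else 'disabled'}")
```

Run it as `python3 trace_check.py your-host` after the restart; any host that still reports ENABLED has not picked up the new directive (a common cause is editing a file that the running httpd does not include, or forgetting the restart).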