One way to test if TRACE has been disabled is to telnet to port 80 (type the stuff in red):
telnet myserver.com 80
Connected to myserver.com (1.2.3.4).Escape character is '^]'.
TRACE / HTTP/1.1
host: myserver.com
If a 400 error is printed then you are secured:
HTTP/1.1 403 Forbidden
Date: Tue, 11 Nov 2008 15:26:33 GMT
Server: Apache/2.0.52 (OS Version)
Accept-Ranges: bytes
Content-Length: 3985
Connection: close
...
... html
... html
...
Other commands you might try:
HEAD / HTTP/1.0
host: your_domain.com
((hit enter))
host: your_domain.com
((hit enter))
HEAD /index.html HTTP/1.0
host: your_domain.com
((hit enter))
host: your_domain.com
((hit enter))
HEAD / HTTP/1.1
host: your_domain.com
((hit enter))
host: your_domain.com
((hit enter))
HEAD /index.html HTTP/1.1
host: your_domain.com
((hit enter))
host: your_domain.com
((hit enter))
GET / HTTP/1.0
host: your_domain.com
((hit enter))
host: your_domain.com
((hit enter))
GET /index.html HTTP/1.0
host: your_domain.com
((hit enter))
host: your_domain.com
((hit enter))
GET / HTTP/1.1
host: your_domain.com
((hit enter))
host: your_domain.com
((hit enter))
GET /index.html HTTP/1.1
host: your_domain.com
((hit enter))
host: your_domain.com
((hit enter))
Connection: Close
I am not exactly the difference between these commands above yet.
No comments:
Post a Comment