mod_rewrite를 이용한 http커맨드 제어

PUT, TRACE, DELETE를 사용 불가능하게하기.

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
RewriteCond %{REQUEST_METHOD} ^PUT   [OR]
RewriteCond %{REQUEST_METHOD} ^DELETE

RewriteRule .* – [F]
</IfModule>

적용전

[root@movie conf]# telnet localhost 80
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
TRACE / HTTP/1.0
Host: localhost

HTTP/1.1 200 OK
Date: Fri, 06 Nov 2009 03:26:32 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: localhost

Connection closed by foreign host.

적용후

[root@localhost conf]# telnet localhost 80
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
TRACE / HTTP/1.0
Host: localhost

HTTP/1.1 403 Forbidden
Date: Fri, 06 Nov 2009 03:42:21 GMT
Server: Apache
Content-Length: 321
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don’t have permission to access /
on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>
Connection closed by foreign host.

답글 남기기

Your email address will not be published.