topic Insecure HTTP Methods Enabled in Operating System - HP-UX

Insecure HTTP Methods Enabled

Fauziah Mahdan — Mon, 10 Jan 2011 04:01:37 GMT

HI all.

Our web server installed in HPUX 11.23. WE need to disble the WEBDAV protocol.
What is the exact command?

Re: Insecure HTTP Methods Enabled

Horia Chirculescu — Tue, 11 Jan 2011 13:22:27 GMT

WebDAV module is dynamically included in Apache Web Server.

So if you do not need that facility, you can start the apache server without this module.

Basically, stop the web (apache) server, then you should comment out (use # in front of) the line that loads the module. Next start the web server and this time the module will not be loaded.

Best regards,
Horia.

Re: Insecure HTTP Methods Enabled

Fauziah Mahdan — Thu, 13 Jan 2011 01:13:09 GMT

HI,
Thanks for the feedback.
BTW I did check some say to comment the dav on when i check my hhptd.conf this is what I found
#DAV on

But during penetration it sill can see all the method like post,get,head, delete,patch and etc.

When you say to limit the load.
Is it to comment some item like below listing?
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule echo_module modules/mod_echo.so

Regards,