Re: Insecure HTTP Methods Enabled

Fauziah Mahdan · ‎01-09-2011

HI all.

Our web server installed in HPUX 11.23. WE need to disble the WEBDAV protocol.
What is the exact command?

Horia Chirculescu · ‎01-11-2011

WebDAV module is dynamically included in Apache Web Server.

So if you do not need that facility, you can start the apache server without this module.

Basically, stop the web (apache) server, then you should comment out (use # in front of) the line that loads the module. Next start the web server and this time the module will not be loaded.

Best regards,
Horia.

Best regards from Romania,
Horia.

Fauziah Mahdan · ‎01-12-2011

HI,
Thanks for the feedback.
BTW I did check some say to comment the dav on when i check my hhptd.conf this is what I found
#DAV on

But during penetration it sill can see all the method like post,get,head, delete,patch and etc.

When you say to limit the load.
Is it to comment some item like below listing?
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule echo_module modules/mod_echo.so

Regards,

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Insecure HTTP Methods Enabled

Insecure HTTP Methods Enabled

Re: Insecure HTTP Methods Enabled

Re: Insecure HTTP Methods Enabled