there was a requirement for me in my project which runs over Oracle iPlanet webserver. as per security concern, we had to disable the HTTP TRACE METHOD after digging and googling over I found Solution which is as follows
- goto
<iplanet-home-dir>/<server-instance-name>/config - you will find some files like
obj.confand<server-instance-name>-obj.conf - ignore
obj.confi also got confuse, when i started googling everyone said that we need to modify in obj.conf but it is wrong way of disabling it. i tried but had no luck. - open
<server-instance-name>-obj.conffile you will find content like below
command to test in this cas i am taking curl utility since most of the hacker uses this to download web content data.
curl -i -s -k -X 'TRACE' -L http://mahboob.ali.com:56100
- you will see the following output
this Question itself contains Question and its resolution.
below is the reference of the above Question and Resolution. http://download.oracle.com/sunalerts/1000718.1.html