HTTP TRACE method vulnerability

Detection method:

c:\>nc www.baidu.com 80 < 1.txt

HTTP/1.1 200 ok
Date: Mon,22 Aug 2011 06:37:25 GMT
Server: Apache/2.2.3 <Red Hat>
Connection: close
Transfer-Encoding: chunked
Content-Type: message/http

88
TRACE / HTTP/1.1
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 <compatible; MSIE 6.0; w


0

Other methods:

<script>alert(12345)%3C/script%3E

%3Cscript%3Ealert(12345)%3C/script%3E

Contents of 1.txt:

TRACE / HTTP/1.1
Host: www.baidu.com
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 <compatible; MSIE 6.0; w


0

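The detection step above, automated as an added example that is not part of the original post: it parses the chunked reply and reports whether TRACE is enabled, so a scan over many hosts does not depend on reading nc output by eye. The host www.example.com, both sample replies and the function names are constructed here; nothing else is taken from the post.

```python
import socket

# Constructed sample with the same shape as the capture above: a chunked body
# that echoes the TRACE request (www.example.com stands in for the real host).
ECHO = b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SAMPLE_ENABLED = (
    b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.3 (Red Hat)\r\nConnection: close\r\n"
    b"Transfer-Encoding: chunked\r\nContent-Type: message/http\r\n\r\n"
    + f"{len(ECHO):x}".encode() + b"\r\n" + ECHO + b"\r\n0\r\n\r\n"
)
SAMPLE_BLOCKED = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"  # rewrite rule active

def dechunk(body: bytes) -> bytes:
    """Decode a chunked body: hex size line, data, CRLF, ..., terminating '0'."""
    out = b""
    while body:
        size_line, _, rest = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0].strip() or b"0", 16)
        if size == 0:
            break
        out += rest[:size]
        body = rest[size + 2:]  # skip the chunk data and its trailing CRLF
    return out

def parse_response(raw: bytes):
    """Return (status line, headers with lowercased names, decoded body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = dechunk(body)
    return lines[0], headers, body

def trace_enabled(raw: bytes) -> bool:
    """200 with message/http and an echoed request line means TRACE is live."""
    status, headers, body = parse_response(raw)
    return (status.split()[1:2] == ["200"]
            and headers.get("content-type", "").startswith("message/http")
            and body.startswith(b"TRACE "))

def check_host(host: str, port: int = 80, timeout: float = 5.0) -> bool:
    """Live version of the nc step above: send 1.txt's request, judge the reply."""
    request = f"TRACE / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        raw = b"".join(iter(lambda: sock.recv(4096), b""))
    return trace_enabled(raw)
```

Run check_host against your own server before and after applying the rewrite rule below; a 403 reply means the rule is in effect.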
Fix:

Add the following to the Apache conf file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]


If virtual hosts are configured, the rules must be added to each virtual host.

Required module: LoadModule rewrite_module modules/mod_rewrite.so


Reposted from cyantide.iteye.com/blog/1187526