Note that TRACE is not a vuln

author Jim Jagielski <jim@apache.org>

Tue, 20 Mar 2012 12:08:25 +0000 (12:08 +0000)

committer Jim Jagielski <jim@apache.org>

Tue, 20 Mar 2012 12:08:25 +0000 (12:08 +0000)
author Jim Jagielski <jim@apache.org>
Tue, 20 Mar 2012 12:08:25 +0000 (12:08 +0000)
committer Jim Jagielski <jim@apache.org>
Tue, 20 Mar 2012 12:08:25 +0000 (12:08 +0000)
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml

index f8147140cfd499a3238ed11e09f18b3f6d8529b2..852e62174ae74fad32b10488810b973a322dc213 100644 (file)
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -4201,6 +4201,13 @@ certain events before failing a request</description>
      <code>Transfer-Encoding: chunked</code> is used).  The core will
      reflect the full headers and all chunk headers with the response
      body.  As a proxy server, the request body is not restricted to 64k.</p>
+
+    <note><title>Note</title>
+    <p>Despite claims to the contrary, <code>TRACE</code> is not
+    a security vulnerability and there is no viable reason for
+    it to be disabled. Doing so necessarily makes your server
+    non-compliant.</p>
+    </note>
  </usage>
  </directivesynopsis>
author	Jim Jagielski <jim@apache.org>
	Tue, 20 Mar 2012 12:08:25 +0000 (12:08 +0000)
committer	Jim Jagielski <jim@apache.org>
	Tue, 20 Mar 2012 12:08:25 +0000 (12:08 +0000)