From 7cd6f8086c9c3d8e20b3cc2301c927e8216d7d49 Mon Sep 17 00:00:00 2001
From: Jim Jagielski
Date: Tue, 20 Mar 2012 12:08:25 +0000
Subject: [PATCH] Note that TRACE is not a vuln
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1302855 13f79535-47bb-0310-9956-ffa450edef68
---
docs/manual/mod/core.xml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index f8147140cf..852e62174a 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -4201,6 +4201,13 @@ certain events before failing a request
Transfer-Encoding: chunked
is used). The core will
reflect the full headers and all chunk headers with the response
body. As a proxy server, the request body is not restricted to 64k.
+
+ Note
+ Despite claims to the contrary, TRACE
is not
+ a security vulnerability and there is no viable reason for
+ it to be disabled. Doing so necessarily makes your server
+ non-compliant.
+
--
2.40.0