Disable HTTP Trace on gerrit

lingalugari mohankrishna

Jan 17, 2025, 12:49:41 AM
to Repo and Gerrit Discussion
Hi Experts,

We have a security team which scans all the servers and raises standard vulnerabilities. We got a vulnerability for the Gerrit server that it supports the HTTP "TRACE" method. Currently we are on version 3.6.8.

Any idea on how to disable it on F5? Why does Gerrit support the TRACE method?

Regards,
Mohan. L

Matthias Sohn

Jan 21, 2025, 8:13:36 PM
to lingalugari mohankrishna, Repo and Gerrit Discussion
You can disable it e.g. by editing the application's web.xml file, see [1].

Maria Helena Braga

May 21, 2025, 9:22:46 AM
to Repo and Gerrit Discussion
Hi Mohan. L 

Were you able to disable the TRACE? 
Could you please describe how you did it? I need to do the same but I'm having issues... I tried Matthias' suggestion to edit the web.xml file but it didn't disable the TRACE for me.
I also tried to limit the methods via Nginx, but it also wasn't successful.

Thanks, 
Maria H.

lingalugari mohankrishna

May 22, 2025, 7:28:17 AM
to Repo and Gerrit Discussion
Hello Helena,

We have F5 as a load balancer and we have created a separate iRule to block TRACE requests. Even modifying web.xml didn't work for me.

Regards,
Mohan. L
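
A check that can be pointed at the Gerrit HTTP port directly and at the address served by the F5 or Nginx front end shows which hop still answers TRACE. This is an added example, not code from the thread or from Gerrit; `check_trace`, the `X-Trace-Check` header and the two loopback stand-in servers are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = "X-Trace-Check"  # constructed header name, used only by this check

def check_trace(host, port, use_tls=False, timeout=5):
    """Send one TRACE request and classify how the endpoint answered it."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={MARKER: "probe-1"})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1", "replace").lower()
        ctype = resp.getheader("Content-Type", "").lower()
    finally:
        conn.close()
    # An enabled TRACE reflects the request back (media type message/http).
    if resp.status == 200 and (MARKER.lower() in body or "message/http" in ctype):
        return "enabled"
    if resp.status in (403, 405, 501):
        return "blocked"
    return "inconclusive (HTTP %d)" % resp.status

class EchoTrace(BaseHTTPRequestHandler):  # constructed stand-in: backend answering TRACE
    def do_TRACE(self):
        body = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):
        pass  # keep the demo quiet

class RejectTrace(EchoTrace):  # constructed stand-in: front end rejecting TRACE
    def do_TRACE(self):
        self.send_error(405)

def demo():
    """Run the check against both stand-ins on loopback and return the verdicts."""
    verdicts = {}
    for name, handler in (("direct", EchoTrace), ("via_proxy", RejectTrace)):
        srv = HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        verdicts[name] = check_trace("127.0.0.1", srv.server_address[1])
        srv.shutdown()
        srv.server_close()
    return verdicts
```

Calling `check_trace(host, port)` once for the backend and once for the load-balancer address tells you whether a front-end rule is the only layer rejecting the method.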