I have an Nginx HTTP server with HTTP TRACE enabled.
A single nmap --script=http-methods.nse host.name
gives this result:
Not shown: 988 closed ports
PORT STATE SERVICE VERSION
[...]
80/tcp open http nginx
| http-methods: GET HEAD POST OPTIONS TRACE
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
[...]
443/tcp open ssl/http Apache httpd 2.2.15 ((CentOS))
[...]
Service Info: OS: Unix
And the Telnet result:
telnet host.name 80
Trying host.name...
Connected to host.name.
Escape character is '^]'.
OPTIONS / HTTP/1.1
Host: foo
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Sep 2012 03:23:23 GMT
Content-Type: httpd/unix-directory
Connection: keep-alive
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 0
telnet host.name 80
Trying host.name...
Connected to host.name.
Escape character is '^]'.
TRACE / HTTP/1.1
Host: foo
**HTTP/1.1 405 Not Allowed**
Server: nginx
Date: Wed, 26 Sep 2012 03:27:09 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Why can't I get a 200 response?