关于Appach的TRACE远程请求漏洞关闭与测试

(1). 首先打开cmd命令行窗口,
(2). 输入 telnet xxx.xxx.xx.xx 8080 (你的 ip + port),回车一次
(3). 输入 Ctrl + ] , 回车一次,
(4). 输入 TRACE / HTTP/1.0 , 回车一次,
(5). 输入 X-Test: abcde , 回车两次然后看输出结果

  1. 返回就是405 Method not Allowed, 说明TRACE方法已经关闭,
  2. 如果返回是200 OK,说明需要手动关闭。

解决方法
3. 在tomcat的web.xml配置文件中加入:

    <security-constraint>  
	    <web-resource-collection>  
		      <url-pattern>/*</url-pattern>  
		      <http-method>PUT</http-method>  
		      <http-method>DELETE</http-method>  
		      <http-method>HEAD</http-method>  
		      <http-method>OPTIONS</http-method>  
		      <http-method>POST</http-method>	  
	    </web-resource-collection>  
	    <auth-constraint>  
	    </auth-constraint>  
</security-constraint>
  1. 在springboot中,使用了自带的tomcat,则需要加入一个配置类:

    @Configuration
     public class TomcatConfig {
     	@Bean
         public TomcatServletWebServerFactory servletContainer() {
             TomcatServletWebServerFactory tomcatServletContainerFactory = new TomcatServletWebServerFactory() {
                 @Override
                 protected void postProcessContext(Context context) {
                     SecurityConstraint constraint = new SecurityConstraint();
                     constraint.setUserConstraint("CONFIDENTIAL");
                     SecurityCollection collection = new SecurityCollection();
                     collection.addPattern("/*");
                     collection.addPattern("/ywyydsj/*");
     	            collection.addMethod("HEAD");
     	            collection.addMethod("PUT");
     	            collection.addMethod("PATCH");
     	            collection.addMethod("DELETE");
     	            collection.addMethod("OPTIONS");
     	            collection.addMethod("TRACE");
     	            collection.addMethod("COPY");
     	            collection.addMethod("SEARCH");
     	            collection.addMethod("PROPFIND");
     	            constraint.addCollection(collection);
     	            constraint.setAuthConstraint(true);
     	            context.addConstraint(constraint);
     	            context.setUseHttpOnly(true);
                     constraint.addCollection(collection);
                     context.addConstraint(constraint);
                 }
             };
             tomcatServletContainerFactory.addConnectorCustomizers(connector -> {
                 connector.setAllowTrace(true);
             });
             return tomcatServletContainerFactory;
         }
      
     }
    
  2. 也可以加入一个filter类过滤掉不合法的请求方法:

     import java.io.IOException;
     
     import javax.servlet.Filter;
     import javax.servlet.FilterChain;
     import javax.servlet.FilterConfig;
     import javax.servlet.ServletException;
     import javax.servlet.ServletRequest;
     import javax.servlet.ServletResponse;
     import javax.servlet.http.HttpServletRequest;
     import javax.servlet.http.HttpServletResponse;
     
     import org.springframework.stereotype.Component;
    
     @Component
     public class HttpMethodFilter implements Filter{
    
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
         
     }
    
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {
          HttpServletRequest req = (HttpServletRequest) request;
             HttpServletResponse res = ((HttpServletResponse) response); 
             String method=req.getMethod();
             if("TRACE".equals(method)||"TRACK".equals(method)){
                 res.setHeader("Allow", "HEAD, DELETE, POST, GET, OPTIONS, PUT");
                 res.setStatus(405);
                 return;
             }
             chain.doFilter(req, res);
     }
    
     @Override
     public void destroy() {
         // TODO Auto-generated method stub
         
     }
    

    }


版权声明:本文为weixin_36723134原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。