How to disable HTTP trace option for WAF/Web Server

Disclaimer: This information is posted as-is and the content should be referenced at your own risk

Special thanks to  for authoring this article!

Overview

This article describes the steps to disable the HTTP trace option in the WAF module as it is by default enabled in the UTM. The steps below are needed if there is an issue with PCI compliance which affects Vulnerability CVE-2004-2320 and CVE-2007-3008.

What to do

  1. Connect to the UTM via SSH as a root user.

  2. Enter the following commands.

    cc
    reverse_proxy
    trace_enabled$
    =0
    exit



  3. HTTP trace is now disabled. To enable it, change the command =0 to =1.
  4. Or you can simply enter the following command:

    cc set reverse_proxy trace_enabled 1



  5. To check the status of the HTTP trace option, you should enter the following command: cc get reverse_proxy trace_enabled If the output is it means that HTTP trace option is enabled and if the output is it means that HTTP trace option is disabled. You should get output zero after following the steps mentioned earlier.

Using the above steps, you should be able to disable the HTTP trace in the Reverse proxy module of Sophos UTM. You can always Open a Support Case to contact Sophos Technical Support if you need any assistance.

Reference

https://community.sophos.com/kb/en-us/135031

 

Have a suggestion for a new video? Please visit our User Assistance forum on the Community to share your idea! https://community.sophos.com/community-chat/f/user-assistance-feedback

Parents
  • Thanks, Jaydeep.  Seeing this, I would prefer to make the change via a single command:

    cc reverse_proxy trace_enabled 0

    Cheers - Bob
    PS Please have the author of the KB article add an exit to the cc commands.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Thanks, Jaydeep.  Seeing this, I would prefer to make the change via a single command:

    cc reverse_proxy trace_enabled 0

    Cheers - Bob
    PS Please have the author of the KB article add an exit to the cc commands.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children