Table of ContentsView in Frames

Using HTTP options to restrict access

The HTTP options restrict access to HTTP services from specified hosts and from specified interfaces.

Step

  1. Perform one of the following actions:
    If you want to... Configure the option...
    Restrict access to HTTP services httpd.access
    Enable or disable support for the HTTP TRACE method httpd.method.trace.enable

    By default, this option is off. The HTTP TRACE method allows an HTTP client to see what is being received at the other end of the request chain, for debugging purposes. (For more information, see RFC 2616.) However, attackers can leverage the HTTP TRACE method in conjunction with cross-domain browser vulnerabilities to read sensitive header information from third-party domains. For more information, search for Vulnerability Note 867593 in the United States Computer Emergency Readiness Team Vulnerability Notes Database at www.cert.org.

Examples

In the following example, only host Host1 is allowed access through interface e3 to the HTTPD services on storage system Filer1:

Filer1> options httpd.access host=Host1 AND if=e3