We have zimbra 8.8.15_P46 and our audit has highlighted in https "TRACE" is allowed.
[zimbra@zimbra ~]$ curl -i https://###########:443/css --insecure -X OPTIONS
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 05:48:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: no-referrer
X-Frame-Options: SAMEORIGIN
Allow: GET, HEAD, POST, TRACE, OPTIONS
Is it possible to disable "TRACE" in nginx config.
[zimbra@zimbra ~]$ curl -i https://###########:443/css --insecure -X OPTIONS
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 05:48:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: no-referrer
X-Frame-Options: SAMEORIGIN
Allow: GET, HEAD, POST, TRACE, OPTIONS
Is it possible to disable "TRACE" in nginx config.
Statistics: Posted by DMSE-DESK — Thu Nov 21, 2024 5:58 am