You audit should have told you you're running a out of date version of ZCS, with several security issues (in the daemons used) ![8-)]( "Cool")
The standard method to disable TRACE in nginx should work (here for example: https://usavps.com/blog/14641/)
You have to insert it in the nginx config templates used by Zimbra to create the real config files.
The files are here: /opt/zimbra/conf/nginx/templates (the nginx.conf.web.* files).
You might have to redo the modification after each patch/upgrade (because the templates files might be over-written by the patch/upgrade).
The standard method to disable TRACE in nginx should work (here for example: https://usavps.com/blog/14641/)
You have to insert it in the nginx config templates used by Zimbra to create the real config files.
The files are here: /opt/zimbra/conf/nginx/templates (the nginx.conf.web.* files).
You might have to redo the modification after each patch/upgrade (because the templates files might be over-written by the patch/upgrade).
Statistics: Posted by Klug — Thu Nov 21, 2024 8:09 am