- Bug
- Resolution: Unresolved
- Normal
- None
- 6.10.0
Description of problem:
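The HTTP OPTIONS method is not disabled by default on Satellite-7. An OPTIONS request to the Apache front end is answered with 200 OK and an Allow header that lists the accepted methods, as the output below shows.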
[root@dhcp130-199 httpd]# grep -irn "<Location" ./
./conf.d/05-foreman-ssl.d/katello.conf:1:<LocationMatch /rhsm|/katello/api>
./conf.d/05-foreman.conf:40: <Location "/pulp/isos">
./conf.d/05-foreman.conf:47: <Location "/pulp/repos">
./conf.d/05-foreman.conf:55:<Location /pub>
./conf.d/05-foreman.conf:63: <Location "/pulp/content">
./conf.d/05-foreman.conf:121:<LocationMatch "^/(assets|webpack)">
./conf.d/05-foreman-ssl.conf:46: <Location "/pulpcore_registry/v2/">
./conf.d/05-foreman-ssl.conf:56: <Location "/pulp/isos">
./conf.d/05-foreman-ssl.conf:63: <Location "/pulp/repos">
./conf.d/05-foreman-ssl.conf:71:<Location /pub>
./conf.d/05-foreman-ssl.conf:79: <Location "/pulp/content">
./conf.d/05-foreman-ssl.conf:86: <Location "/pulp/api/v3">
./conf.d/05-foreman-ssl.conf:158:<LocationMatch "^/(assets|webpack)">
[root@dhcp130-199 ~]# curl -k -I -X OPTIONS http://dhcp130-199.gsslab.pnq2.redhat.com/pulp
HTTP/1.1 200 OK
Date: Wed, 16 Feb 2022 08:11:26 GMT
Server: Apache
Allow: OPTIONS,HEAD,GET,POST
Content-Length: 0
- curl -k -I -X OPTIONS http://dhcp130-199.gsslab.pnq2.redhat.com/pulp/api/v3
HTTP/1.1 200 OK
Date: Wed, 16 Feb 2022 08:26:10 GMT
Server: Apache
Allow: OPTIONS,HEAD,GET,POST
Content-Length: 0
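Expected results: Both OPTIONS requests above should return '403 Forbidden' rather than '200 OK' with an Allow header. Both requests were made over plain HTTP; the same check should also be run over HTTPS, because the grep output above shows that 05-foreman-ssl.conf defines its own Location blocks (including /pulp/api/v3).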