Category Archives: Nikto

Web Server returns a valid response with junk HTTP methods

If you have checked your website for vulnerabilities and found:

Web Server returns a valid response with junk HTTP methods, this may cause false positives.

Edit your httpd.conf file and add these lines to your vhost (they need mod_rewrite to be enabled):

RewriteEngine On
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$
RewriteRule .* - [R=405,L]

After that, restart Apache and scan again; the finding should be gone and that should make you happy.

The anti-clickjacking X-Frame-Options header is not present.

If you have this for your site after scanning:

The anti-clickjacking X-Frame-Options header is not present.

Go to the Apache httpd.conf and add this to the bottom of the file:

Header always append X-Frame-Options SAMEORIGIN

Then restart the Apache server.

FOR UBUNTU 20.04:

First enable mod_headers and restart apache2:

a2enmod headers
systemctl restart apache2

Then open /etc/apache2/conf-enabled/security.conf:

pico /etc/apache2/conf-enabled/security.conf

Find this block:

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"

Uncomment the Header set X-Frame-Options: "sameorigin" line so the block looks like this:

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
Header set X-Frame-Options: "sameorigin"

And restart apache2 again:

systemctl restart apache2

Tutorial: How to Disable Track and Trace in apache (TraceEnable Off)

In this simple tutorial I show how to check for and disable Apache TRACE. The operating system is CentOS 7, but it should also work on CentOS 8 and other distros.

Nikto error: Allowed HTTP Methods: TRACE

If you want to disable the TRACE method, go to httpd.conf and add to the bottom:

TraceEnable Off
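To confirm that all three fixes on this page (the 405 for junk methods, the X-Frame-Options header, and TraceEnable Off) actually took effect without waiting for the next Nikto run, here is an added POSIX shell script that is not part of the original posts. Each check_* function takes the raw status line and headers of a response, so it can be exercised on the constructed samples embedded below; fetch_head() obtains that text from a live server with curl. The host name in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original posts: verify the three Nikto fixes.
# The check_* functions work on raw response text (status line + headers).

# Extract the numeric status code from the first line of a raw response.
status_code() {
    printf '%s\n' "$1" | head -n 1 | awk '{print $2}'
}

# Junk-method check: Nikto flags a server that answers a made-up method with 200.
# After the RewriteRule fix the answer should be 405 (Apache itself may say 501).
check_junk_method() {
    code=$(status_code "$1")
    case "$code" in
        405|501) echo "ok: junk method rejected with $code"; return 0 ;;
        *)       echo "FAIL: junk method answered with $code"; return 1 ;;
    esac
}

# Clickjacking check: X-Frame-Options must be present and be DENY or SAMEORIGIN
# (case-insensitive header name and value, CRLF tolerated).
check_xfo() {
    value=$(printf '%s\n' "$1" | tr -d '\r' | grep -i '^x-frame-options:' \
            | head -n 1 | cut -d: -f2- | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    case "$value" in
        DENY|SAMEORIGIN) echo "ok: X-Frame-Options is $value"; return 0 ;;
        '')              echo "FAIL: X-Frame-Options header missing"; return 1 ;;
        *)               echo "FAIL: unexpected X-Frame-Options value '$value'"; return 1 ;;
    esac
}

# TRACE check: with TraceEnable Off, Apache answers TRACE with 405.
check_trace() {
    code=$(status_code "$1")
    if [ "$code" = "405" ]; then
        echo "ok: TRACE disabled ($code)"; return 0
    fi
    echo "FAIL: TRACE answered with $code"; return 1
}

# Fetch the status line and headers for an arbitrary method from a live server.
# Usage: fetch_head TRACE https://www.example.test/   (placeholder host)
fetch_head() {
    curl -s -o /dev/null -D - -X "$1" "$2"
}

# Constructed sample responses (not captured from any real server).
SAMPLE_BAD='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

SAMPLE_GOOD='HTTP/1.1 405 Method Not Allowed
Server: Apache
X-Frame-Options: SAMEORIGIN'

# Run all three checks against a raw response; exit status is the number of failures.
run_checks() {
    failures=0
    check_junk_method "$1" || failures=$((failures + 1))
    check_xfo "$1"         || failures=$((failures + 1))
    check_trace "$1"       || failures=$((failures + 1))
    return $failures
}

# Offline demonstration on the samples; swap in "$(fetch_head JUNKMETHOD https://host/)"
# and "$(fetch_head TRACE https://host/)" for a live server.
echo "--- unfixed sample ---"; run_checks "$SAMPLE_BAD"  || echo "$? check(s) failed"
echo "--- fixed sample ---";   run_checks "$SAMPLE_GOOD" && echo "all checks passed"
```

Against a live server, run the junk-method and TRACE fetches as separate requests (fetch_head with a made-up method, then with TRACE) and pass each response to its own check; X-Frame-Options can be read from either response or from a plain GET.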