1
運行我的HTTP的NodeJS服務器上nmap
我得到:HTTP的NodeJS服務器 - 禁用HTTP方法,跟蹤TRACE等
nmap -p 443 --script http-methods localhost
Starting Nmap 6.40 (http://nmap.org) at 2016-10-28 11:26 BST
Nmap scan report for localhost
Host is up (0.00051s latency).
PORT STATE SERVICE
443/tcp open https
| http-methods: ACL BIND CHECKOUT CONNECT COPY DELETE GET HEAD LINK LOCK M-SEARC H MERGE MKACTIVITY MKCALENDAR MKCOL MOVE NOTIFY PATCH POST PROPFIND PROPPATCH PU RGE PUT REBIND REPORT SEARCH SUBSCRIBE TRACE UNBIND UNLINK UNLOCK UNSUBSCRIBE
| Potentially risky methods: ACL BIND CHECKOUT CONNECT COPY DELETE LINK LOCK M-S EARCH MERGE MKACTIVITY MKCALENDAR MKCOL MOVE NOTIFY PATCH PROPFIND PROPPATCH PUR GE PUT REBIND REPORT SEARCH SUBSCRIBE TRACE UNBIND UNLINK UNLOCK UNSUBSCRIBE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
MAC Address: AB:CD:75:EF:A5:6D (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
於是我找禁用一些方法,主要是在「潛在危險的方法:「列表。
這在Apache中相當平凡,但我在NodeJS中看不到任何方式。
This SO question談論編輯節點的C源,但我並不想這樣做。
The node docs顯示一個http.METHODS方法,但那只是一個get。