#StackBounty: #centos #apache-httpd #options How to make httpd response 200 for options request?

Bounty: 300

I want to make some configuration on my centos+apache,let httpd server send 200 response when client make a options request.

There is a very old post here(2011).

Returning “200 OK” in Apache on HTTP OPTIONS requests

The configuration may not be fit for current’s os and apache.

If the configuration is in good status,curl -X OPTIONS -i http://remote_ip/remote.html may get 200 return code.

Herre are my tries:

1.cat .htaccess

AuthName "login"  
AuthType Basic  
AuthUserFile /var/www/html/passwd  
require user usernam
Options -Indexes
<LimitExcept OPTIONS>
  Require valid-user
</LimitExcept>

Reboot it with systemctl restart httpd.Error info for command :curl -X OPTIONS -i http://remote_ip/remote.html

<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>

Delet the above config in .htacccess.

2.cat /etc/httpd/conf/httpd.conf.

<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride AuthConfig
    Require all granted
    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
    Header always set Access-Control-Allow-Credentials "true"
    Header always set Access-Control-Allow-Headers "Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With"
    RewriteEngine On                  
    RewriteCond %{REQUEST_METHOD} OPTIONS 
    RewriteRule ^(.*)$ blank.html [QSA,L]
</Directory>

Reboot it with systemctl restart httpd.Error info for command :curl -X OPTIONS -i http://remote_ip/remote.html

HTTP/1.1 401 Unauthorized
Date: Sat, 08 Sep 2018 00:34:36 GMT
Server: Apache/2.4.6 (CentOS)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With
WWW-Authenticate: Basic realm="login"
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.