HTTP TRACE method in detail - Perl Source code implementation
A TRACE method HTTP request initiates a "loopback" diagnostic at the destination server. The destination server bounces back a TRACE response, with the virgin request message it received in the body of its response. A client can then check whether the original request correctly reached destination server or somewhere got changed by proxy or others.
The following diagram clearly explains the TRACE request :
The TRACE method is used primarily for diagnostics; i.e., verifying that requests are going through the request/response chain as intended. It's also a good tool for seeing the effects of proxies and other applications on your requests. For more click here
The simple perl program implementation of http TRACE method is as follows :
#!/usr/local/bin/perl -w
use strict;
use HTTP::Status;
use HTTP::Response;
use LWP::UserAgent;
use URI::URL;
sub sendandreceive( ) {
my ($method, $path) = @_;
# Create a User Agent object
my $ua = new LWP::UserAgent;
$ua->agent("hcat/1.0");
# Ask the User Agent object to request a URL.
# Results go into the response object (HTTP::Reponse).
my $request = new HTTP::Request($method,$path);
my $response = $ua->request($request);
# Parse/convert the response object for "easier reading"
my $code=$response->code;
my $desc = HTTP::Status::status_message($code);
my $headers=$response->headers_as_string;
my $body = $response->content;
$body = $response->error_as_HTML if ($response->is_error);
return ($code, $desc, $headers, $body);
}
print "Enter the url \n";
my $url=<STDIN>;
chomp $url;
my ($code, $desc, $headers, $body)=&sendandreceive('GET', $url);
print $code,"\n",$headers,"\n",$desc,"\n",$body,"\n";
1 Response to HTTP TRACE method in detail - Perl Source code implementation
The perl code is in this post is valid, but doesn't use the TRACE method -- instead, it inexplicably uses GET. If you merely replace GET with TRACE, it works as advertised.
Consider adding that you should disable this feature on Production servers, by adding this to your VirtualHost definition in the httpd configuration.
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
You could improve this article by including what a normal TRACE response looks like, when output from your script (and maybe what the Forbidden result looks like, when the config above is applied.
Something to say?