Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Disable Track and Trace in apache

I have Apache 2.2.22 in suse Linux. I want to disable track & trace in Apache and use 1- TraceEnable Off and 2- RewriteEngine on

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F] .

but of 2 way don't work.

like image 602
Kobra Ghahremani Avatar asked May 20 '12 12:05

Kobra Ghahremani


People also ask

What is http trace track methods?

TRACE and TRACK are HTTP methods that are used to debug web server connections. A local or remote unprivileged user may be able to abuse the HTTP TRACE/TRACK functionality to gain access to sensitive information in HTTP headers when making HTTP requests.

How do I disable trace method in IBM HTTP server?

Note that for IBM HTTP Server 7.0 and later, the only method to disable TRACK is via mod_rewrite. Since IHS doesn't do anything with TRACK, there is no directive to "disable" it.


1 Answers

In Apache2 you can just add TraceEnable Off in httpd.conf (end of file)

TraceEnable Off

To check if Trace is On/Off you can use Curl:

curl -v -X TRACE http://www.yourserver.com
like image 154
Slipstream Avatar answered Sep 19 '22 17:09

Slipstream