Menu
So I am trying to disable the TRACE method in Apache, which is also the problem in this question Disabling TRACE request method on Apache/2.0.52.
I have tried the rewrite rule in the VirtualHost block, Directory block, .htaccess file etc. In addition the TraceEnable Off option in httpd.conf does not work.
This is the output of my testing:
[root@localhost user]# nc www.domain.com 80
TRACE / HTTP/1.1
Host: www.domain.com
VAR1:test
HTTP/1.1 200 OK
Date: Wed, 22 Aug 2012 13:37:38 GMT
Server: Apache/2
Transfer-Encoding: chunked
Content-Type: message/http
3c
TRACE / HTTP/1.1
Host: www.domain.com
VAR1: test
0
The rewrite rule is :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
Any clues of what might be wrong?
Cheers!
516
For apache2 this can be done adding to the main httpd.conf file the following:
TraceEnable off
You can test if Trace is On/Off using Curl, like:
curl -v -X TRACE http://www.yourserver.com
Ref.: http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/
99
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
