Posted on July 24, 2013 at 11:03 am

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users.

Disable Trace and Track with mod_rewrite

Add these lines of code in your .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Returns a 403 Forbidden error response to the attacker.

Disable Trace with Apache

Edit this Apache configuration file:

/etc/apache2/conf.d/security

Disable TRACE:

TraceEnable Off

Reload Apache:

/etc/init.d/apache2 reload

Updated on October 22, 2013 at 4:01 pm

Other Posts

• View All Symlinks in a Directory Tree on Linux
• /etc/init.d/redis-server on Debian 9.5 Stretch
• View Last Time a File was Opened on Debian
• Fix PHP7.0-FPM Installation (Sury.org Packages)
• Server Certificate Verification failed CAfile (apt-get update)
• PDFYeah: Online Cloud-Based PDF Converter
• Create a SOCKS 5 Proxy on Top of a SSH Tunnel on Linux
• Estimate Number of Visitors and Pageviews of any Website

Updated Posts

• Htaccess file for WordPress websites
• How to Create Backups of MySQL via PHP
• Transfer files from a VPS to a FTP web hosting server
• Block Paltalk Ads (and Others) via Hosts file
• E: Sub-process /usr/bin/dpkg returned an error code (2)
• How to Validate JSON in PHP
• The program can’t start because VCRUNTIME140.DLL is missing
• PHP CURL Download Remote URL to File