Posted on July 24, 2013 at 11:03 am

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users.

Disable Trace and Track with mod_rewrite

Add these lines of code in your .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Returns a 403 Forbidden error response to the attacker.

Disable Trace with Apache

Edit this Apache configuration file:

/etc/apache2/conf.d/security

Disable TRACE:

TraceEnable Off

Reload Apache:

/etc/init.d/apache2 reload

Updated on October 22, 2013 at 4:01 pm

Other Posts

• Customer emails don't show up in Zendesk
• Get Windows 7, 8, 10 License Information
• Cheapest Alternatives to Mailchimp, Sendinblue, Sendgrid
• Convert InnoSetup EXE Installer to MSI
• Get Serial Number of CPU, RAM, Motherboard, HDD
• Get Number of Intel Processor Cores via Registry
• Zendesk Remove [Business Name] from Email Subject on Ticket Replies
• Best Text-to-Speech (TTS) Web Services with Human Voices

Updated Posts

• Exclude Packages from Apt-Get Upgrade on Debian Linux
• Should I reboot Debian server after apt-get upgrade?
• Download and Install OpenVPN Client on Windows 10
• How to List All Iptables NAT Rules
• How to List INPUT, FORWARD, OUTPUT Iptables Rules
• OpenVPN Iptables Rules
• Parse or Split FTP URL in Delphi XE using TIdURI
• Public FTP Server to Test Upload and Download