Posted on July 24, 2013 at 11:03 am

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users.

Disable Trace and Track with mod_rewrite

Add these lines of code in your .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Returns a 403 Forbidden error response to the attacker.

Disable Trace with Apache

Edit this Apache configuration file:

/etc/apache2/conf.d/security

Disable TRACE:

TraceEnable Off

Reload Apache:

/etc/init.d/apache2 reload

Updated on October 22, 2013 at 4:01 pm

Other Posts

• PHP Generate Secure Random Passwords
• Google Cloud SQL and Public IP Address Security
• How to use Highlight.js to highlight code
• Nginx HTTP to HTTPS and non-www to www behind Google Load Balancer
• Quota 'IN_USE_ADDRESSES' exceeded. Limit: 8.0 in region
• Only allow Google Load Balancer traffic (Firewall Rules)
• Lost connection during Debian apt-get upgrade
• Bootstrap 3 Navbar with Logo Image

Updated Posts

• PHP StrToTime() Returns Incorrect Timestamp '-1 MONTH'
• PHP Correctly Get Last 12 Months (Month per Month)
• Nginx Redirect From a Website to Another Website
• PHP Multi-cURL to Run Parallel cURL Requests (Example)
• Let's Encrypt on Nginx and SSL Grade A+
• Vertically align Facebook and Twitter share buttons
• Download Windows 10 ISO without Media Creation Tool
• DEB.SURY.ORG Updated the Signing Key (March 2019)