Posted on July 24, 2013 at 11:03 am

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users.

Disable Trace and Track with mod_rewrite

Add these lines of code in your .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Returns a 403 Forbidden error response to the attacker.

Disable Trace with Apache

Edit this Apache configuration file:

/etc/apache2/conf.d/security

Disable TRACE:

TraceEnable Off

Reload Apache:

/etc/init.d/apache2 reload

Updated on October 22, 2013 at 4:01 pm

Other Posts

• How to Find PHP.ini Location
• How to Enable Display of Errors in PHP
• Go One Directory Level Up/Back with Dirname() in PHP
• Save a String to File in Python
• Create a File Name with Current Date & Time in Python
• Get Current Script Path in Python
• Python Wildcard Search a String or Array
• Get Current Script Path in PHP

Updated Posts

• api-ms-win-crt-runtime-l1-1-0.dll is missing
• jQuery Get File Extension Before Uploading File
• Estimate Number of Visitors and Pageviews of any Website
• How to Configure OVH Email POP3 with Thunderbird
• Simple jQuery File Upload SimpleUpload.js
• Repeat AJAX GET Until a Specific Response is Met in jQuery
• Calculate Elapsed Time of a Function in jQuery
• Convert Seconds to H:M:S in jQuery