Posted on July 24, 2013 at 11:03 am

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users.

Disable Trace and Track with mod_rewrite

Add these lines of code in your .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Returns a 403 Forbidden error response to the attacker.

Disable Trace with Apache

Edit this Apache configuration file:

/etc/apache2/conf.d/security

Disable TRACE:

TraceEnable Off

Reload Apache:

/etc/init.d/apache2 reload

Updated on October 22, 2013 at 4:01 pm

Other Posts

• How to List All Iptables NAT Rules
• Parse or Split FTP URL in Delphi XE using TIdURI
• How to Download a File via FTP in Delphi XE
• Public FTP Server to Test Upload and Download
• How to Parse Command-Line Arguments in Bash
• How to Make Iptables Rules Persistent
• Bash Install Iptables-Persistent Automatically
• Route OpenVPN Connections Through Floating IP

Updated Posts

• How to fix "Clickable elements too close together"
• How to fix "Text too small to read"
• Create Custom Rest Endpoints for WP Rest API
• Timestamp URLs for SHA1 SHA256 Code Sign 2021
• PHP Multi-cURL to Run Parallel cURL Requests (Example)
• The following signatures were invalid: EXPKEYSIG B188E2B695BD4743
• Best Clean Monospace Web Fonts 2021
• Add New Path to Delphi 10.4 Sydney on Library Path