Posted on July 24, 2013 at 11:03 am

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users.

Disable Trace and Track with mod_rewrite

Add these lines of code in your .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Returns a 403 Forbidden error response to the attacker.

Disable Trace with Apache

Edit this Apache configuration file:

/etc/apache2/conf.d/security

Disable TRACE:

TraceEnable Off

Reload Apache:

/etc/init.d/apache2 reload

Updated on October 22, 2013 at 4:01 pm

Other Posts

• Convert POST Fields to Objects in jQuery
• How to Sleep/Wait in jQuery (Synchronous)
• How to Install and Configure Mitmproxy on Windows
• Exclude Packages from Apt-Get Upgrade on Debian Linux
• What is the Correct JSON Content-Type for HTTP Headers?
• What to Select on GRUB-PC Configuration "Install Devices"
• How to Permanently Run NodeJs Script in Background
• How to Stop NodeJs Puppeteer Follow Redirects

Updated Posts

• 3 Cards in a Row with Bootstrap 4.4
• Debug 502 Errors in Google Cloud Load Balancer
• Python if-then-else in one line example
• How to urlencode() an URL in Python3
• How to Install Python PIP on Debian
• Install Required Fonts for Puppeteer
• Passing a boolean through HTTP GET request
• PHP Convert Boolean to String