Posted on July 24, 2013 at 11:03 am

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users.

Disable Trace and Track with mod_rewrite

Add these lines of code in your .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Returns a 403 Forbidden error response to the attacker.

Disable Trace with Apache

Edit this Apache configuration file:

/etc/apache2/conf.d/security

Disable TRACE:

TraceEnable Off

Reload Apache:

/etc/init.d/apache2 reload

Updated on October 22, 2013 at 4:01 pm

Other Posts

• How to Disable Hibernation on Windows 10
• Disable Windows Defender on Windows 10 via Regedit
• Install Latest NVIDIA Drivers for Windows 10
• How to improve security of encrypted hard disks
• Get Server IP Address with Ifconfig and IP in Bash
• bash: ipconfig: command not found
• Check if a number is within a range in bash
• Linux Commands to Check HDD from Rescue Mode

Updated Posts

• Double Opt-in Email Newsletter Made Right (by Yoast)
• Let's Encrypt on Nginx and SSL Grade A+
• Free Email Ticketing Systems for Startups
• Delphi URLEncode like PHP
• Delphi Function to Parse JSON Unicode Chars
• Ask Users What Features They Need (Product Roadmap)
• Make Your Domain Emails Not Spoofeable
• Create Documentations Easily with GitBook