Posted on July 24, 2013 at 11:03 am

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users.

Disable Trace and Track with mod_rewrite

Add these lines of code in your .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Returns a 403 Forbidden error response to the attacker.

Disable Trace with Apache

Edit this Apache configuration file:

/etc/apache2/conf.d/security

Disable TRACE:

TraceEnable Off

Reload Apache:

/etc/init.d/apache2 reload

Updated on October 22, 2013 at 4:01 pm

Other Posts

• PHP Notice: Undefined offset: 1 (Array)
• How to Sleep/Wait/Pause on a NodeJs Function
• How to Run a NodeJs Script
• How to Install a Module/Package/Library in NodeJs
• NodeJs Request.Get Example with Error Handling
• NodeJs HTTPS.Get Example with Error Handling
• How to Find PHP.ini Location
• How to Enable Display of Errors in PHP

Updated Posts

• Detect a failing hard-disk on a Linux server
• Certbot.errors.CertStorageError: expected to be a symlink
• Example hard-disk error logs on a Linux server
• Certbot renew error: Account at does not exist.
• Suspicious online shops from helpandserving@gmail.com
• Nginx Rewrite Rule to Add Slash to The End of Any URL
• Compress Word, Excel and PowerPoint Office Documents
• Download OpenVPN 2.4.7 and TAP-Windows