Posted on July 24, 2013 at 11:03 am

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users.

Disable Trace and Track with mod_rewrite

Add these lines of code in your .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Returns a 403 Forbidden error response to the attacker.

Disable Trace with Apache

Edit this Apache configuration file:

/etc/apache2/conf.d/security

Disable TRACE:

TraceEnable Off

Reload Apache:

/etc/init.d/apache2 reload

Updated on October 22, 2013 at 4:01 pm

Other Posts

• Route OpenVPN Connections Through Floating IP
• How to Configure a Floating IP in a VPS (Hetzner)
• Set OpenVPN to Listed on a Specific IP Address
• Bash Trim Leading and Trailing Whitespace from a String
• Bash Get Name of Ethernet Network Interface
• VPN Providers with Dedicated Static IP Address
• OpenVPN Iptables Rules
• WireGuard VPN Iptables Rules

Updated Posts

• AMD Chipsets & Graphics Card Drivers for Windows 7, 8, 10
• AMD Radeon 7400 Drivers for Windows 10
• How to pass custom command-line parameters in InnoSetup
• Add Desktop shortcut for all Windows PC users
• Programmatically create desktop icon with InnoSetup
• GeneratePress - a Lightweight WordPress Theme 2021
• InnoSetup disable DesktopIcon via command-line
• Use cURL to authenticate with JWT Bearer tokens