Posted on July 24, 2013 at 11:03 am

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users.

Disable Trace and Track with mod_rewrite

Add these lines of code in your .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Returns a 403 Forbidden error response to the attacker.

Disable Trace with Apache

Edit this Apache configuration file:

/etc/apache2/conf.d/security

Disable TRACE:

TraceEnable Off

Reload Apache:

/etc/init.d/apache2 reload

Updated on October 22, 2013 at 4:01 pm

Other Posts

• PHP Display Date Same as Server HTTP Headers Date
• Google Cloud Load Balancer Firewall Rules
• Create Instance Template out of Disk Snapshot on Google Cloud
• Get User IP Address From Google Cloud Load Balancer
• Connect as Root using WinSCP on Google Cloud Compute Engine
• Become Root on Google Cloud Compute Engine VMs
• Connect to Google Cloud Compute Engine VM via PuTTY SSH
• DigitalOcean Slow, My Experience

Updated Posts

• PHP GetHostByAddr() Slow? Make it Faster
• PHP GetHostByName() Slow? Make it Faster
• How to Match Newline with Strpos() in PHP
• Use PHP Strpos() to Check if a String Starts with
• How to Run a Command with Time Limit in Bash Linux
• Unable to extract and upload PackageInfo.xml
• Stop Bad Bots from Crawling Your Website
• DEB.SURY.ORG Updated the Signing Key (March 2019)