Disabling TRACE method on 2.2.3
For apache2 this can be done by adding the following to the main httpd.conf file:
TraceEnable off
You can test whether TRACE is on or off using curl, like this:
curl -v -X TRACE http://www.yourserver.com
Ref.: http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/
Author: OMA
Updated on June 04, 2022
So I am trying to disable the TRACE method in Apache, which is also the problem in this question: "Disabling TRACE request method on Apache/2.0.52".
I have tried the rewrite rule in the VirtualHost block, Directory block, .htaccess file, etc. In addition, the TraceEnable Off option in httpd.conf does not work.
This is the output of my testing:
    [root@localhost user]# nc www.domain.com 80
    TRACE / HTTP/1.1
    Host: www.domain.com
    VAR1:test

    HTTP/1.1 200 OK
    Date: Wed, 22 Aug 2012 13:37:38 GMT
    Server: Apache/2
    Transfer-Encoding: chunked
    Content-Type: message/http

    3c
    TRACE / HTTP/1.1
    Host: www.domain.com
    VAR1: test

    0

The rewrite rule is:

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
Any clues of what might be wrong?
Cheers!
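A scripted version of the curl/nc test shown above, as an added example that is not part of the original thread: it sends a TRACE request carrying a random marker header and reports whether the server echoed it back, decoding the chunked message/http body seen in the question's output. The header name X-Trace-Probe, the host www.example.com and the sample response are constructed for illustration.

```python
import secrets
import socket

def dechunk(body):
    """Decode a chunked body; stop at the 0-size chunk or at broken framing."""
    out = b""
    while body:
        size_line, sep, rest = body.partition(b"\r\n")
        try:
            size = int(size_line.split(b";")[0], 16)
        except ValueError:
            break
        if not sep or size == 0:
            break
        out, body = out + rest[:size], rest[size + 2:]  # +2 skips the chunk's CRLF
    return out

def classify(raw, marker):
    """Return 'enabled', 'disabled' or 'inconclusive' for a raw TRACE response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").lower().split("\r\n")
    status = (lines[0].split() + ["", ""])[1]  # "" when the status line is malformed
    if any(l.startswith("transfer-encoding:") and "chunked" in l for l in lines[1:]):
        body = dechunk(body)
    if status == "200" and marker.encode() in body:
        return "enabled"    # the request, marker included, was echoed back
    if status in ("403", "405"):
        return "disabled"   # 405: TraceEnable off; 403: a RewriteRule with [F]
    return "inconclusive"   # redirect, error page, or another hop answered

def probe(host, port=80, timeout=5.0):
    """Send a TRACE probe to a server you administer and classify the reply."""
    marker = secrets.token_hex(8)
    request = (f"TRACE / HTTP/1.1\r\nHost: {host}\r\n"
               f"X-Trace-Probe: {marker}\r\nConnection: close\r\n\r\n")  # made-up header name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode())
        raw = b""
        while chunk := sock.recv(4096):
            raw += chunk
    return classify(raw, marker)

def sample_echo(marker):
    """Constructed sample: the chunked message/http echo of a TRACE-enabled server."""
    echoed = ("TRACE / HTTP/1.1\r\nHost: www.example.com\r\n"
              f"X-Trace-Probe: {marker}\r\n\r\n").encode()
    return (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\nContent-Type: message/http\r\n\r\n"
            + b"%x\r\n" % len(echoed) + echoed + b"\r\n0\r\n\r\n")
```

An "inconclusive" result after setting TraceEnable off usually means the response came from a different virtual host, a redirect, or a proxy in front of Apache rather than from the configuration that was edited.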