Disabling TRACE method on 2.2.3

http xss trace apache

12,271

For apache2 this can be done adding to the main httpd.conf file the following:

TraceEnable off

You can test if Trace is On/Off using Curl, like:

curl -v -X TRACE http://www.yourserver.com

Ref.: http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/

12,271

Author by

OMA

Updated on June 04, 2022

Comments

OMA almost 2 years
So I am trying to disable the TRACE method in Apache, which is also the problem in this question Disabling TRACE request method on Apache/2.0.52.

I have tried the rewrite rule in the VirtualHost block, Directory block, .htaccess file etc. In addition the TraceEnable Off option in httpd.conf does not work.

This is the output of my testing:
```
[root@localhost user]# nc www.domain.com 80
TRACE / HTTP/1.1
Host: www.domain.com
VAR1:test

HTTP/1.1 200 OK
Date: Wed, 22 Aug 2012 13:37:38 GMT
Server: Apache/2
Transfer-Encoding: chunked
Content-Type: message/http

3c
TRACE / HTTP/1.1
Host: www.domain.com
VAR1: test

0
```
The rewrite rule is :
```
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
```
Any clues of what might be wrong?

Cheers!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?

How to troubleshoot crashes detected by Google Play Store for Flutter app

Cupertino DateTime picker interfering with scroll behaviour

Why does awk -F work for most letters, but not for the letter "t"?

Flutter change focus color and icon color but not works

How to print and connect to printer using flutter desktop via usb?

Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0

Flutter Dart - get localized country name from country code

navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage

Android Sdk manager not found- Flutter doctor error

Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)

How to change the color of ElevatedButton when entering text in TextField

Related

How to isolate the HTTP headers/body from a PHP Sockets request

HTTP SSL Proxy with Java Apache HttpClient

HTTP 500 Internal Server error when uploading files

RewriteRule not working

java.lang.IllegalArgumentException: Host name may not be null, while firing a get request

"main" java.lang.NoClassDefFoundError: org/apache/http/HttpEntity

configuring ProxyPass on .htaccess to show tomcat through apache http server

HTTPs over a proxy with apache http client

gerrit http authentication

Android HTTP GET parameters