MistOnline

Apache htaccess

Disable TRACE and TRACK method Apache

Oct 2, 2009

Last updated on June 15th, 2016 at 09:56 am

Disable TRACE and TRACK method Apache Using Htaccess or HTTPD.CONF

An attacker may manipulate the TRACE and TRACK methods to intercept your visitors’ sensitive data. The solution, of course, is disable these methods on your webserver. This is a security vulnerability found in Apache servers.So to disable this just add the below lines.You can add this httpd.conf or .htaccess

How to disable the TRACE and TRACK methods

To disable TRACE and TRACK HTTP methods on your Apache-powered webserver, add the following directives to either your main configuration file or root HTAccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

These directives disable the TRACE and TRACK methods via the following process:

  • RewriteEngine on — enables Apache’s rewrite module (this directive is not required if already present in your htaccess file)
  • RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) — targets all TRACE and TRACK request methods for the following rule
  • RewriteRule .* - [F] — return a 403 Forbidden error response for all matched conditions (i.e., all TRACE and TRACK methods)

(NOTE:- Page updated on 15th Jun 2016. Originally posted on 2nd October 2009)

Related Tutorials:

Related Post

Apache

Apache change MPM prefork to worker module

admin Jan 18, 2016
Apache

Htaccess redirect URL HTTP to HTTPS

admin Oct 16, 2014
Apache XAMPP

Mod_rewrite search engine friendly urls

admin Apr 6, 2014

Leave a Reply

Your email address will not be published. Required fields are marked *