Disable Apache TRACE Request Method

PDF
RACE is used as an input data echo mechanism for the http protocol. This request method is commonly used for debug and other connection analysis activities. Like most other webserver vendors, Apache enables the TRACE Request Method by default. I would suggest to disable the TRACE Request Methods, unless you really need it on your webserver. To disable you can modify Apache's global config file (/etc/httpd/conf/httpd.conf) and add the line: To disable you can modify Apache's global config file (/etc/httpd/conf/httpd.conf) and add the line:
TraceEnable off
An other way to disable the TRACE Request Method is to make use of mod_rewrite and put the following lines in your .htaccess file:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

*Note: The Limit or LimitExcept directive in the httpd.conf file does not appear to be able to restrict TRACE.
 

Please login first before adding a comment.

Search






You are here: Home Howtos and FAQs Apache Disable Apache TRACE Request Method