Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

apache TRACE/TRACK disable

Discussion in 'EasyApache' started by mickalo, Nov 24, 2008.

  1. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    774
    Likes Received:
    4
    Trophy Points:
    318
    Location:
    N.W. Iowa
    I've been informed that using Apache TRACE/TRACK method is can cause security issues. How does one disable this, couldn't find anything in the httpd.conf file referencing this. We running Apache 2.2.10 w/latest Stable Cpanel.

    Thx's

    Mike
     
    #1 mickalo, Nov 24, 2008
  2. nickp666

    nickp666 Well-Known Member

    Joined:
    Jan 28, 2005
    Messages:
    770
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    /dev/null
    mod_security will help in this instance, here is a rule that will do it

    Code:
    # deny TRACE method
SecRule REQUEST_METHOD "trac(?:e|k)" \
	"phase:1,t:lowercase,id:340002,rev:2,severity:2,msg:'TRACE/TRACK method denied'"
     
    #2 nickp666, Nov 25, 2008
  3. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    774
    Likes Received:
    4
    Trophy Points:
    318
    Location:
    N.W. Iowa
    thanks for the info, we'll add it to mod security rules.

    Mike
     
    #3 mickalo, Nov 25, 2008
(You must log in or sign up to post here.)
Loading...
Similar Threads - apache TRACE TRACK
  1. cPStacy

    EasyApache 3.34.17 Released

    cPStacy, Sep 20, 2017 at 1:56 PM, in forum: EasyApache
    Replies:
    0
    Views:
    23
    cPStacy
    Sep 20, 2017 at 1:56 PM
  2. cPStacy

    EasyApache 4 Update - September 20, 2017

    cPStacy, Sep 20, 2017 at 11:10 AM, in forum: EasyApache
    Replies:
    0
    Views:
    41
    cPStacy
    Sep 20, 2017 at 11:10 AM
  3. ciao70

    Apache (CVE-2017-9798)

    ciao70, Sep 19, 2017 at 11:27 AM, in forum: Security
    Replies:
    1
    Views:
    114
    cPanelMichael
    Sep 19, 2017 at 11:51 AM
  4. Muhammad++

    reset apache config when restore backup and reboot server

    Muhammad++, Sep 19, 2017 at 7:09 AM, in forum: EasyApache
    Replies:
    11
    Views:
    57
    cPanelMichael
    Sep 19, 2017 at 4:03 PM
  5. Neil_948

    Apache end of script issue

    Neil_948, Sep 15, 2017 at 2:44 PM, in forum: EasyApache
    Replies:
    20
    Views:
    220
    rpvw
    Sep 18, 2017 at 6:04 AM

Share This Page