apache TRACE/TRACK disable

mickalo · Nov 24, 2008

I've been informed that using Apache TRACE/TRACK method is can cause security issues. How does one disable this, couldn't find anything in the httpd.conf file referencing this. We running Apache 2.2.10 w/latest Stable Cpanel.

Thx's

Mike

nickp666 · Nov 25, 2008

mod_security will help in this instance, here is a rule that will do it

Code:

# deny TRACE method
SecRule REQUEST_METHOD "trac(?:e|k)" \
	"phase:1,t:lowercase,id:340002,rev:2,severity:2,msg:'TRACE/TRACK method denied'"

mickalo · Nov 25, 2008

thanks for the info, we'll add it to mod security rules.

Mike

Thread starter	Similar threads	Forum	Replies	Date
D	caught SIGTERM, shutting down after EasyApache Update	Web Servers and Applications	10	Jun 3, 2021
A	httpd -DFOREGROUND After Easy Apache Update	Web Servers and Applications	2	Jun 2, 2021
	YUM encountered errors outside of EasyApache 4	Web Servers and Applications	9	May 14, 2021
K	Apache trace root of problem	Web Servers and Applications	7	Nov 28, 2006
S	can't trace frequent apache crash/automagic restart error	Web Servers and Applications	2	Apr 8, 2005

Search

Search

apache TRACE/TRACK disable

mickalo

Well-Known Member

nickp666

Well-Known Member

mickalo

Well-Known Member