apache TRACE/TRACK disable

mickalo · Nov 24, 2008

I've been informed that using Apache TRACE/TRACK method is can cause security issues. How does one disable this, couldn't find anything in the httpd.conf file referencing this. We running Apache 2.2.10 w/latest Stable Cpanel.

Thx's

Mike

nickp666 · Nov 25, 2008

mod_security will help in this instance, here is a rule that will do it

Code:

# deny TRACE method
SecRule REQUEST_METHOD "trac(?:e|k)" \
	"phase:1,t:lowercase,id:340002,rev:2,severity:2,msg:'TRACE/TRACK method denied'"

mickalo · Nov 25, 2008

thanks for the info, we'll add it to mod security rules.

Mike

Thread starter	Similar threads	Forum	Replies	Date
M	SOLVED Wordpress is reporting that the MySQL extension is missing, but EasyApache shows it installed. What's wrong here?	Web Servers and Applications	5	Saturday at 3:49 PM
S	cPanel and Webmin - Apache Administration - SSL Configs	Web Servers and Applications	3	Feb 17, 2021
P	Docker Containers, Apache Vhost, Proxy SubDomains	Web Servers and Applications	9	Jan 26, 2021
K	Apache trace root of problem	Web Servers and Applications	7	Nov 28, 2006
S	can't trace frequent apache crash/automagic restart error	Web Servers and Applications	2	Apr 8, 2005

Search

Search

apache TRACE/TRACK disable

mickalo

Well-Known Member

nickp666

Well-Known Member

mickalo

Well-Known Member