apache TRACE/TRACK disable

mickalo · Nov 24, 2008

I've been informed that using Apache TRACE/TRACK method is can cause security issues. How does one disable this, couldn't find anything in the httpd.conf file referencing this. We running Apache 2.2.10 w/latest Stable Cpanel.

Thx's

Mike

nickp666 · Nov 25, 2008

mod_security will help in this instance, here is a rule that will do it

Code:

# deny TRACE method
SecRule REQUEST_METHOD "trac(?:e|k)" \
	"phase:1,t:lowercase,id:340002,rev:2,severity:2,msg:'TRACE/TRACK method denied'"

mickalo · Nov 25, 2008

thanks for the info, we'll add it to mod security rules.

Mike

Thread starter	Similar threads	Forum	Replies	Date
B	HTTP/1.0 Connection: keep-alive, but Apache replies with HTTP/1.1 Connection: close?	Web Servers and Applications	5	Thursday at 8:45 AM
N	Installed ea-php81 with easyApache, whm Module Installer says 'path not found.'	Web Servers and Applications	4	Sep 5, 2022
D	Apache syntax error	Web Servers and Applications	1	Aug 28, 2022
K	Apache trace root of problem	Web Servers and Applications	7	Nov 28, 2006
S	can't trace frequent apache crash/automagic restart error	Web Servers and Applications	2	Apr 8, 2005

Search

Search

apache TRACE/TRACK disable

mickalo

Well-Known Member

nickp666

Well-Known Member

mickalo

Well-Known Member