The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

disable HTTP TRACE method

Discussion in 'Security' started by freshorange, Feb 1, 2010.

  1. freshorange

    freshorange Well-Known Member

    Joined:
    Dec 26, 2007
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    hello,

    how to disable the HTTP TRACE method on cPanel?
    need your advice

    thank you
     
  2. freshorange

    freshorange Well-Known Member

    Joined:
    Dec 26, 2007
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    i have try to add

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

    on httpd.conf on virtual host

    but it still not disable trace method

    any suggestion ?

    need help please
     
  3. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Disabling HTTP TRACE may be accomplished via WHM using the following menu path:
    WHM: Main >> Service Configuration >> Apache Configuration >> Global Configuration
    * TraceEnable: This directive sets the behavior of TRACE requests for both the core server and mod_proxy.
     
  4. freshorange

    freshorange Well-Known Member

    Joined:
    Dec 26, 2007
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    hello cPanelDon,

    i'm using WHM 11.23.2, its look no feature for apache configuration.
    its another way to disable trace?
    or how to disable trace via comment line (ssh)?

    need your advice

    thanks
     
  5. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Adding the following directive to the Apache configuration file ("httpd.conf") will provide the same effect as when set via WHM in cPanel 11.25:
    Code:
    TraceEnable off
    The Apache configuration file ("httpd.conf") is located at the following file system path:
    Code:
    /usr/local/apache/conf/httpd.conf
    Please see the official Apache documentation for more verbose details regarding the TraceEnable directive:
    Apache HTTP Server Version 2.2 - Apache Core Features - TraceEnable
    Apache HTTP Server Version 2.0 - Apache Core Features - TraceEnable
    Apache HTTP Server Version 1.3 - Apache Core Features - TraceEnable

    Please note that cPanel/WHM version 11.23.2 is significantly out-of-date; I recommend upgrading to at least cPanel 11.24 on STABLE or cPanel 11.25 on RELEASE to receive the latest security updates, new features, and feature enhancements. For additional details and reference information I recommend reviewing the official cPanel Release Notes.
     
  6. freshorange

    freshorange Well-Known Member

    Joined:
    Dec 26, 2007
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    hello cPanelDon,

    i have successful to disable the trace. thanks

    another question i want to ask about the vulnerability, i want to disable the ssl2 by add the command on /usr/local/apache/conf/ssl.conf :
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    and restart Apache: /etc/init.d/httpd restart

    but when i check using ssl2 it still connected

    any suggestion ?

    need help please
    thank you
     
Loading...

Share This Page