Have you tried MySQLTuner yet? It's free and it makes optimizing your MySQL server easier than ever!

« Use a different IP for sending mail
Postfix: 554 Relay access denied »
28 08 2007

Apache: Disable TRACE and TRACK methods

Posted by: major in Security, Web

Lots of PCI Compliance and vulnerability scan vendors will complain about TRACE and TRACK methods being enabled on your server. Since most providers run Nessus, you’ll see this fairly often. Here’s the rewrite rules to add:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

These directives will need to be added to each VirtualHost.

Further reading:
Apache Debugging Guide

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • Reddit
  • Slashdot
  • StumbleUpon
  • Technorati
  • TwitThis

This entry was posted on Tuesday, August 28th, 2007 at 6:27 pm and is filed under Security, Web.You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Apache: Disable TRACE and TRACK methods”
  1. ace says: August 29th, 2007 at 1:34 pm

    For apache version 1.3.34 (or later 1.3.x versions), or apache 2.0.55 (or later), this has been made easy. Just add the line TraceEnable off

  2. Racker Hacker » Posts In Progress » Plesk: Disabling TRACE/TRACK methods globally says: April 23rd, 2008 at 6:40 pm

    [...] always been a bit of a challenge to disable TRACE and TRACK methods with Plesk. The only available options were to create a ton of [...]

Leave a Reply

You must be logged in to post a comment. Login »