Disable TRACE or TRACK method in Apache web server

If you like to keep your VPS hosting server or dedicated server secure you may need to disable TRACE or TRACK methods for Apache web server. We highly recommended this it is required in order to be PCI Compliant too. 

It is very easy to disable tracing for Apache if you are using a cPanel based VPS or dedicated server.

Here are the steps how to do this:

1. Login to your cPanel's hosting admin panel - Web Hosting Manager (WHM)
2. Then you will see a link Service Configuration. Now click on the link for Apache Configuration
3. Click on the Global Configuration link
4. The second option you will see is "TraceEnable".  Set this option to "Off"
5. Restart the Apache Web Server

After this is done you can test and verify that the Apache TRACE method is disabled for your VPS hosting server or dedicated server.

You can do it either like:

Internal test from SSH Shell:

telnet localhost 80

The response to this should be waiting on a character, proves that the connection can not be made, and can exit from this by pressing Ctrl+c on the keyboard.

External test from a remote web site:

http://web-sniffer.net/

Just can enter your domain name or IP address for your web server and select the button TRACE. After the test finish, you will see in the HTTP Response Headers the following message:

"HTTP Status Code: HTTP/1.1 405 Method Not Allowed"

  • 409 utilizatori au considerat informaţia utilă
Răspunsul a fost util?

Articole similare

Add your own php.ini file to the crontab command

If you want to use your own php.ini in the implementation of cronjobs, add the following to the...

Can I use short tags in PHP scripts

Yes you can. The settings of PHP (short_open_tag) allow you to use short tags in PHP scripts.

How to do URL redirection

You can do URL forwarding from the web hosting control panel. Once logged in click on Redirects....

How to increase the size of uploaded files in PHP

The standard maximum size of the file that you can upload in PHP is 2MB, but some scripts require...

How to turn off register_globals in PHP

In each directory where you want register_global to be turned off, place the following php.ini...