Disabling the TRACE request method on the Apache server

  • 2020-05-09 19:47:39
  • OfStack

TRACE and TRACK are HTTP methods used for debugging web server connections. Servers that support these methods are exposed to a cross-site scripting vulnerability; in descriptions of various browser flaws it is usually called "Cross-Site Tracing", or XST for short. Attackers can exploit this vulnerability to trick legitimate users into disclosing their private information.

How to disable TRACE requests in Apache

• Virtual host users can filter TRACE requests by adding the following code to the .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

• Server users can add the following directive at the end of httpd.conf and then restart Apache:

TraceEnable off

If it is your own server, this is easy to set up. If it is a virtual host you purchased, you can ask your IDC service provider to disable it for you; they will generally recommend the first method.


Appendix: another method

1. For Apache servers of version 2.0.55 or above, TraceEnable off can be added at the end of httpd.conf.

2. If you are using Apache:

- Verify that the rewrite module is activated (in httpd.conf, no # before the line below):

LoadModule rewrite_module modules/mod_rewrite.so

- Add the following statements to the configuration file of each virtual host:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

Note: you can search for VirtualHost in httpd.conf to locate the virtual host configuration.
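
To confirm that either change took effect, the following added example (not part of the original article) sends TRACE and TRACK probes to a server you administer and reports whether the request is echoed back. The header name X-Trace-Probe and the script name check_trace.py are assumptions chosen for illustration.

```python
"""Check whether a web server still answers TRACE/TRACK (added example)."""
import http.client
import secrets
import sys


def classify(status, body, marker):
    """Interpret one response to a TRACE/TRACK probe.

    An enabled TRACE echoes the request, headers included, in a 200 body;
    that echo is what cross-site tracing relies on.
    """
    if status == 200 and marker in body:
        return "ENABLED"       # request echoed back: method still active
    if status in (403, 405, 501):
        # 403: RewriteRule [F]; 405: TraceEnable off; 501: not implemented
        return "DISABLED"
    return "UNCLEAR"           # redirect, error page, proxy answer, ...


def probe(host, port=80, method="TRACE", use_tls=False, timeout=5):
    """Send one probe with a random marker header and classify the reply."""
    marker = secrets.token_hex(8)
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        # X-Trace-Probe is a hypothetical header name used only as a marker
        conn.request(method, "/", headers={"X-Trace-Probe": marker})
        resp = conn.getresponse()
        body = resp.read(4096).decode("latin-1")
        return resp.status, classify(resp.status, body, marker)
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python check_trace.py HOST [PORT]   (run against your own server)
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    results = {m: probe(host, port, m) for m in ("TRACE", "TRACK")}
    for method, (status, verdict) in results.items():
        print(f"{method}: HTTP {status} -> {verdict}")
    sys.exit(1 if any(v == "ENABLED" for _, v in results.values()) else 0)
```

The script exits with status 1 if either method is still echoed, so it can be run after each Apache restart or from a deployment check.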

