Disable HTTP TRACE or TRACK Request In Httpd (Apache)

Disable HTTP Trace or hide Track request method In Apache Web Server, This can be a vulnerability that allows hackers to take unauthorized access to the server. TRACE and TRACK are two HTTP methods request which is used to debug web applications.

Check Out: Load PHP Module For Apache

Disable HTTP TRACE or TRACK Request In httpd (Apache):

We can also use the below configuration code to turn off these methods in the Apache server. you need to add these codes in each virtual host. if you don’t want these code to put then you can simply disable it.

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)

RewriteRule .* - [F]

By default, That not defined in httpd.conf file. You have to add this by itself. I will show you without adding those lines.

curl -X TRACE localhost

Disable HTTP TRACE

Now add these lines “TraceEnable off” in httpd.conf file.

hide trace apache

Check Out: Install LAMP (Linux, Apache, Mysql, PHP)

Now restart the Apache service

systemctl restart httpd

Again run the below command to make sure you won’t be getting the same output as the previous one. you can use your website domain instead of the localhost. The output should be like this

curl -X TRACE localhost 

turn off apache method

This mean, you have hidden the server information by putting “TraceEnable off“

That’s it. turn off apache method hide trace apache

Share on:

I'm the founder of Curious Viral. I hope this blog will provide you complete information about Linux Technology & I would like to share my technical knowledge with you which I have learned during this period.

Other Posts You May Like...

Leave a comment