
Vulnerabilities : HTTP TRACE Method Enabled Fix.

Here I believe you too have been forced by your Vulnerability Scanner to look for it :)



TRACE is normally enabled by default. To test whether it is really enabled on your server, telnet to the port your web server is running on and send the request “TRACE / HTTP/1.0”. If you get a positive reply, TRACE is enabled on your system. The output of a server with TRACE enabled will look like:

telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
TRACE / HTTP/1.0

HTTP/1.1 200 OK
Date: Sat, 20 Oct 2015 20:39:36 GMT


Disable HTTP TRACE Method for Apache.



Method - 1

Add these lines to your httpd.conf file.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

Method - 2
Applies: Apache 1.3.x / Apache 2.0.x
Required Apache module

Add the below mentioned line to your httpd.conf file

TraceEnable off
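
To confirm that either method took effect, the telnet check above can be scripted. This is an added example, not code from the original post: the marker header, function names and sample replies are constructed, and it assumes Method 1 answers 403 (the [F] flag) and Method 2 answers 405 (TraceEnable off).

```python
import socket

# Constructed marker header; a server with TRACE enabled echoes it back in the body.
MARKER = b"X-Trace-Check: constructed-marker-1234"

def classify_trace(raw: bytes) -> str:
    """Return 'enabled', 'disabled' or 'unknown' for a raw reply to a TRACE request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "unknown"
    status = int(parts[1])
    if status == 200:
        # Only count it as TRACE if our own request comes back in the body.
        return "enabled" if MARKER in body else "unknown"
    # 403: RewriteRule [F]; 405: TraceEnable off; 501: method not implemented.
    return "disabled" if status in (403, 405, 501) else "unknown"

def check_trace(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send 'TRACE / HTTP/1.0' (same request as the telnet test) and classify the reply."""
    request = b"TRACE / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n" + MARKER + b"\r\n\r\n"
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:  # HTTP/1.0: the server closes the connection when done
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify_trace(b"".join(chunks))

# Constructed sample replies (not captured from a real server).
SAMPLE_ENABLED = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                  b"TRACE / HTTP/1.0\r\nHost: 127.0.0.1\r\n" + MARKER + b"\r\n\r\n")
SAMPLE_FORBIDDEN = b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n<h1>Forbidden</h1>"
SAMPLE_NOT_ALLOWED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET,HEAD,POST,OPTIONS\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("TRACE on", SAMPLE_ENABLED), ("Method 1", SAMPLE_FORBIDDEN),
                      ("Method 2", SAMPLE_NOT_ALLOWED)]:
        print(name, "->", classify_trace(raw))
```

Call check_trace("127.0.0.1", 80) against your own server before and after editing httpd.conf; a plain 200 page without the echoed marker is reported as "unknown" rather than "enabled".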







