How to disable Apache TRACK/TRACE methods?

Problem

Vulnerabilities in HTTP TRACE/TRACE Method Vulnerability is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.

Solution

  • Go to the machine where AppLoader or AppsWatch is installed
  • Find the httpd.conf file in [AppLoader/webserve/conf] or [AppsWatch/webserv/conf] folder
  • Add the following after [AcceptFilter http none] if missing:
    • # disabled TRACE
      TraceEnable Off
      # disable TRACK
      RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) [NC]
      RewriteRule ^.* - [F]