For that I add the following configuration lines in httpd.conf
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
After that I tried to check whether TRACE method is disabled or
not.
using the following commands.
telnet 172.16.16.25 80
Trying 172.16.16.25...
Connected to 172.16.16.25 (172.16.16.25).
Escape character is '^]'.
TRACE / HTTP/1.1
Host: 172.16.16.25
HTTP/1.1 200 OK
Date: Tue, 26 Feb 2008 21:06:29 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: message/http
28
TRACE / HTTP/1.1
Host: 172.16.16.25
0
Connection closed by foreign host.
The output confirms that TRACE method was not disabled.
Please clarify me how to disable HTTP TRACE method.
I am using the following Apache version
Server version: Apache/2.2.8 (Unix)
Server built: Feb 18 2008 12:23:43
