Trace and track are the HTTP methods used to debug web server connections. The server that supports this method has a cross-site scripting vulnerability. When describing various browser defects, the cross-site-tracing vulnerability is referred to as XST. Attackers can exploit this vulnerability to fool legitimate users and obtain their personal information.
How to disable Apache TRACE requests
• VM users can add the following code to the. htaccess file to filter TRACE requests:
Rewriteengine on
Rewritecond % {request_method} ^ (trace | track)
Rewriterule. *-[F]
• The Server user adds the following command at the end of httpd. conf and then restarts Apache:
Traceenable off
If it is your own server, you can easily set up it. If it is a purchased virtual host, you can ask the IDC service provider to ask them to help you close it. Generally, they will suggest you use the first method.