Trace and track are the HTTP methods used to debug Web server connections. There are cross-site scripting vulnerabilities in servers that support this approach, and "cross-site-tracing" is often referred to as XST when describing various browser flaws. Attackers can exploit this vulnerability to deceive legitimate users and get their private information.
How to turn off the Apache trace request
• A virtual host user can add the following code to filter the trace request in the. htaccess file:
Rewriteengine on
Rewritecond%{request_method} ^ (trace| TRACK)
Rewriterule. *-[F]
• Server users restart Apache after adding the following instructions to the httpd.conf tail:
Traceenable off
If it is your own server, you can easily set up, if you are buying a virtual host, you can find IDC service providers to let them help you close, generally they will suggest you use the first method.
Attached: Another article
1.2.0.55 above version of the Apache server, can be added at the end of the httpd.conf: traceenable off
2. If you are using the apache:-confirmation rewrite module activation (httpd.conf, there is no # in front of the line below):
LoadModule Rewrite_module modules/mod_rewrite.so
-Add the following statement to each virtual host's configuration file:
Rewriteengine Onrewritecond%{request_method} ^tracerewriterule. *
-[F] Note: You can search the httpd.conf for VirtualHost to determine the configuration file for the virtual host.