Disable TRACE or TRACK method in Apache

Disabling the TRACE or TRACK method inside Apache is highly recommended and is now actually required in order to be PCI compliant.  To disable the method on a cPanel server, the process is very easy:

(This method has been tested and documented for cPanel Version 58.0.  Links may change based on cPanel versions)

  1. Access your Web Hosting Manager (WHM)
  2. Under Service Configuration, click the link for Apache Configuration
  3. Click the Global Configuration link
  4. The second option is TraceEnable.  Set this to OFF.
  5. Restart Apache

To test and verify that the TRACE method is disabled on the server, you can do it in two ways:

Internal test from Shell:
telnet localhost 80

This should respond by waiting on a character.  This proves the connection cannot be made, and you will only be able to exit from it by pressing CONTROL-C on your keyboard.

External Test from a remote site:

http://web-sniffer.net/

Using the above URL, you can enter your domain name or the main IP address for your server, then select the radio button for TRACE.  After running the test, you should see the following information in the HTTP Response Headers:

"HTTP Status Code: HTTP/1.1 405 Method Not Allowed"
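
To run the same check from the shell by actually sending TRACE and TRACK requests, the script below is an added example and not part of the original article. It assumes curl is installed; the function names and the X-Trace-Check header are made up for illustration, and the two sample responses in demo are constructed.

```sh
#!/bin/sh
# Added example (not from the original article): check TRACE/TRACK after
# setting TraceEnable Off. Function and header names are hypothetical.

# classify_trace CANARY: read a raw HTTP response on stdin and print a verdict.
#   405                   -> disabled (the result the article expects)
#   200 + request echoed  -> ENABLED (the server reflected our header)
classify_trace() (
  canary="$1"
  response="$(tr -d '\r')"
  status="$(printf '%s\n' "$response" | awk 'NR==1 {print $2}')"
  if [ "$status" = "405" ]; then
    echo "disabled"
  elif [ "$status" = "200" ] && printf '%s\n' "$response" | grep -qF "$canary"; then
    echo "ENABLED"
  else
    echo "check manually (status: ${status:-none})"
  fi
)

# check_method METHOD URL: send the method with a unique canary header.
check_method() (
  canary="trace-check-$$-$(date +%s)"
  curl -s -i --max-time 10 -X "$1" -H "X-Trace-Check: $canary" "$2" |
    classify_trace "$canary"
)

# demo: run the classifier over two constructed responses (no network needed).
demo() {
  printf 'HTTP/1.1 405 Method Not Allowed\r\nAllow: GET,HEAD,POST,OPTIONS\r\n\r\n' |
    classify_trace demo-canary
  printf 'HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\nTRACE / HTTP/1.1\r\nX-Trace-Check: demo-canary\r\n' |
    classify_trace demo-canary
}

# Usage: sh trace_check.sh http://localhost/   (no argument runs the demo)
if [ -n "${1:-}" ]; then
  for method in TRACE TRACK; do
    printf '%s: %s\n' "$method" "$(check_method "$method" "$1")"
  done
else
  demo
fi
```

Any verdict other than "disabled" for TRACE means the TraceEnable setting should be rechecked and Apache restarted.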



reviewed: 10/17/2016
