Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 11-10-2008, 01:21 AM   #1
LQ Newbie
Registered: Jul 2008
Posts: 5

Rep: Reputation: 0
Post How to trace and disable the HTTP TRACE method in Apache 1.3.33 with FreeBSD?

I used following configuration settings in ".htaccess" file to disable the HTTP TRACE method, which I found as most common recommended solution.

RewriteEngine On
RewriteRule .* - [F]

My server configurations are as follows:
Webserver: Apache 1.3.33

I want to know how reliable is this?
Is there any simple way, by which I can be sure that it's really working
and the server is now secure from this vulnerability.
Old 11-11-2008, 10:41 AM   #2
LQ Newbie
Registered: Aug 2006
Location: Chesapeake, VA
Distribution: Solaris, HP-UX, RedHat, Fedora
Posts: 15

Rep: Reputation: 0
One way to test if TRACE has been disabled is to telnet to port 80 (type the stuff in red):

telnet 80
Connected to (
Escape character is '^]'.
<press enter a few times>

If a 400 error is printed then you are secured:

HTTP/1.1 403 Forbidden
Date: Tue, 11 Nov 2008 15:26:33 GMT
Server: Apache/2.0.52 (OS Version)
Accept-Ranges: bytes
Content-Length: 3985
Connection: close
... html
... html

Here is an example of how to use telnet to test HTTP for future reference:

Last edited by Autocross.US; 11-11-2008 at 10:44 AM.


apache, disable, http, method, trace

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Disabling HTTP TRACE method in Apache bzlaskar Linux - Server 15 01-25-2010 09:44 AM
"killed" Message - how to trace/back trace ebinjose Linux - Kernel 1 01-29-2008 07:12 AM
Apache access+log can't trace a particular PC at second times SquallPang Linux - Security 1 12-27-2006 06:58 PM
apache mod_rewrite {TRACE|TRACK} woes noir911 *BSD 8 03-09-2006 01:55 AM
can't trace frequent apache crash/automagic restart error I_AM Linux - General 1 04-09-2005 09:13 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:29 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration