
Posts Tagged ‘web server’

5 basic Apache security tips

October 29th, 2008 Ali Abbas

Here are just a few things to keep in mind when setting up Apache or running a quick security audit.

1. Turn off TRACE or TRACK Methods on Apache

TRACE and TRACK are debug methods used to debug web server connections. A server that supports them can be subject to cross-site scripting attacks, dubbed XST for “Cross-Site Tracing” (cf. http://www.apacheweek.com/issues/03-01-24).

To disable the TRACE and TRACK methods, first make sure that mod_rewrite is enabled, then add:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
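
To confirm during an audit that the rule took effect, the following added example (not part of the original post) sends one TRACE request over plain HTTP to a server you administer and classifies the answer. The function names, the `X-Trace-Check` header and the sample responses are assumptions made for this illustration.

```python
import socket
import uuid

def build_trace_request(host: str, marker: str) -> bytes:
    """TRACE request carrying a unique header to look for in the echo."""
    return (f"TRACE / HTTP/1.1\r\nHost: {host}\r\n"
            f"X-Trace-Check: {marker}\r\nConnection: close\r\n\r\n").encode("ascii")

def classify_response(raw: bytes, marker: str) -> str:
    """Return 'enabled', 'disabled' or 'unknown' for a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) < 2 or not parts[1].isdigit():
        return "unknown"
    status = int(parts[1])
    # A server that honours TRACE echoes the request, headers included, in the body.
    if status == 200 and marker.encode("ascii") in body:
        return "enabled"
    # The [F] flag answers 403; servers that refuse the method answer 405 or 501.
    if status in (403, 405, 501):
        return "disabled"
    return "unknown"

def probe(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send one TRACE request over plain HTTP and classify the answer."""
    marker = uuid.uuid4().hex
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_trace_request(host, marker))
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return classify_response(b"".join(chunks), marker)

# Constructed sample responses (not captured from a real server).
SAMPLE_ECHO = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
               b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n"
               b"X-Trace-Check: abc123\r\n\r\n")
SAMPLE_FORBIDDEN = b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\nForbidden"
SAMPLE_OTHER = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

if __name__ == "__main__":
    for name, raw in [("echo", SAMPLE_ECHO), ("forbidden", SAMPLE_FORBIDDEN),
                      ("other", SAMPLE_OTHER)]:
        print(name, classify_response(raw, "abc123"))
```

A result of `unknown` means the server answered in a way that neither echoes the request nor refuses the method, so the response should be inspected by hand.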


Categories: LAMP, Unix / Linux