https://techglimpse.com/http-trace-track-methods-disable-web-se
https://stackoverflow.com/questions/10673306/disable-track-and-trace-in-apache
TRACE and TRACK are HTTP methods used to debug web server connections. Because the server echoes the received request back in its response, an attacker can create a webpage using XMLHTTP, ActiveX, or XMLDOM that makes a client issue a TRACE request and captures the client’s cookies. This effectively results in a Cross-Site Scripting attack.
Test whether TRACE is enabled:
curl -v -X TRACE -k https://example.com
Disable in Apache2:
In Apache2 you can just add TraceEnable Off to httpd.conf (at the end of the file):
TraceEnable Off
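The curl test above can be turned into a repeatable check, shown here as an added example that is not part of the original post: Apache answers an enabled TRACE with 200 and echoes the request, and with TraceEnable Off it answers 405. The probe header name and value, the function names and the sample responses are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: classify a server's answer to a TRACE probe.
# PROBE_HEADER / PROBE_VALUE are hypothetical names chosen for this example.
PROBE_HEADER="X-Trace-Probe"
PROBE_VALUE="trace-check-12345"

# Reads a raw HTTP response (headers + body, as printed by `curl -si`) on stdin.
# Prints: "enabled"  - status 200 and the probe header is echoed back in the body
#         "disabled" - status 405 or 501 (TraceEnable Off yields 405)
#         "unknown"  - anything else (redirect, error page, proxy answer ...)
classify_trace_response() {
    local response status body
    response=$(tr -d '\r')
    # Status code is the second field of the first line (HTTP/1.1 200 OK).
    status=$(printf '%s\n' "$response" | awk 'NR==1 && $1 ~ /^HTTP\// {print $2}')
    # Body is everything after the first blank line.
    body=$(printf '%s\n' "$response" | awk 'seen {print} /^$/ {seen=1}')
    case "$status" in
        200)
            if printf '%s\n' "$body" | grep -qi "^${PROBE_HEADER}: ${PROBE_VALUE}\$"; then
                echo enabled
            else
                echo unknown
            fi ;;
        405|501) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Live use against a server you administer: check_trace https://example.com
check_trace() {
    curl -si -X TRACE -H "${PROBE_HEADER}: ${PROBE_VALUE}" "$1" | classify_trace_response
}

# Constructed sample responses (not captured from a real server).
sample_trace_on() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n'
    printf 'TRACE / HTTP/1.1\r\nHost: example.com\r\n%s: %s\r\nCookie: session=abc\r\n' \
        "$PROBE_HEADER" "$PROBE_VALUE"
}
sample_trace_off() {
    printf 'HTTP/1.1 405 Method Not Allowed\r\nAllow: GET,POST,OPTIONS,HEAD\r\n\r\n'
}
```

Matching on the echoed probe header rather than on the status code alone avoids counting a generic 200 error page as "TRACE enabled".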