Disable Trace or Track Method

If you have VPS or Dedicated server hosting, you may want to disable the TRACE or TRACK methods for the Apache web server. Disabling it is also required for PCI Compliancy if that's of interest to you. It's super easy to disable tracing for Apache if you're using a cPanel-based server.

Disable TRACE or TRACK Method

To disable TRACE or TRACK:

1. Log into your cPanel's hosting admin panel, Web Hosting Manager (WHM).

2. Click Service Configuration from the left-hand side navigation menu.

   

3. Click Apache Configuration.

4. Click Global Configuration.

   

5. In the Trace Enable section toggle or select the option Off.

6. Scroll down and click Save.

7. On the next page, click Rebuild Configuration and Restart Apache to restart the Apache Web Server.

Verify It's Disabled

After this is done you should verify that Apache TRACE method has in fact been disabled for your VPS or Dedicated server. To do this you can perform one of the two options below.

Perform an Internal Test from SSH Shell

telnet localhost 80

You should see that the system is waiting on a character. This proves that the connection cannot be made, which is what you want. Exit out of this by pressing CTRL + C on your keyboard.

Perform an External Test from a Remote Web Site

1. Go here: http://web-sniffer.net/.

2. Enter your domain name or IP address for your web server.

3. Enter the reCaptcha code and click Submit.

4. After the test finishes, you will see the following message in the HTTP Response Headers:

   HTTP Status Code: HTTP/1.1 405 Method Not Allowed