HTTP TRACE method

Trouble disabling HTTP TRACE method

         

brianmark

6:50 pm on Oct 25, 2006 (gmt 0)



I'm having some trouble turning off HTTP TRACE on a few web servers. They're running RedHat Enterprise, so the included Apache version is 2.0.52 and I'm too lazy to upgrade unless totally necessary. I've tried the .htaccess fixes, and since I'm not running 2.0.55 or higher the enable directive isn't available.

Does anyone have a suggestion, or do I just need to bite the bullet and upgrade?

jdMorgan

3:41 am on Oct 26, 2006 (gmt 0)



I've always considered it to be rather bad form to disable TRACE unconditionally, as it occasionally serves a network diagnostic purpose; requests using the TRACE method should simply be "Echoed" back to the requestor, unless you're seeing abuse from that specific IP or User-agent.

You can try using mod_rewrite, using a RewriteCond %{HTTP_METHOD} test if you wish to pursue this.

Jim
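Whichever route is taken (a rewrite rule or an upgrade), the result can be confirmed by sending one TRACE request to your own server and checking whether it is echoed back. The following is an added example, not part of the original thread; the `X-Trace-Check` header, the function names and the verdict labels are assumptions made for illustration.

```python
import http.client
import uuid


def classify_trace_response(status, body, marker):
    """Decide from one response whether the server honoured a TRACE request.

    A server with TRACE enabled answers 200 and echoes the request, so the
    marker header we sent shows up in the response body.
    """
    echoed = marker in body
    if status == 200 and echoed:
        verdict = "enabled"
    elif status in (403, 405, 501) and not echoed:
        # The server refused the method or does not implement it.
        verdict = "disabled"
    else:
        # e.g. a 200 error page without the echo, a redirect, or a proxy reply
        verdict = "inconclusive"
    return {"status": status, "echoed": echoed, "verdict": verdict}


def check_trace(host, port=80, use_tls=False, timeout=5.0):
    """Send a single TRACE request to a server you administer and classify it."""
    # Random marker (constructed value) so a cached or static page cannot match.
    marker = "trace-check-" + uuid.uuid4().hex
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Trace-Check": marker})
        resp = conn.getresponse()
        # Read a bounded amount; an echoed request is small.
        body = resp.read(65536).decode("latin-1", "replace")
        return classify_trace_response(resp.status, body, marker)
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    # Usage: python trace_check.py <host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    print(check_trace(target, target_port))
```

An "inconclusive" verdict usually means something in front of the web server (a proxy or load balancer) answered instead, so the check should be repeated against the server directly.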