Securing Apache – TRACE TRACK XSS

So i will tryi to updated with some tips on securing apache as I stumbel over them.

This will be the first one in not so many I hope (Apache will be secure )
I always scan my servers every month with Openvas as one of my PCI-DSS task. And this week I locking down my Apache servers.

Add this in you vhost file ore in the welcome.conf file and rerun you scan.

 

TraceEnable off

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Leave a Reply

%d bloggers like this: