Securing Apache – TRACE TRACK XSS
I always scan my servers every month with Openvas as one of my PCI-DSS task. And this week I locking down my Apache servers.
Add this in you vhost file ore in the welcome.conf file and rerun you scan.
TraceEnable off
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* – [F]
Recent Comments