PCI audits often flag the TRACE and TRACK HTTP methods as issues that must be handled before the website can be considered PCI compliant.
If you are running Apache 2.x, the following directives will disable TRACE and TRACK functionality.
This change needs to be made in /etc/httpd/conf/httpd.conf:
ServerTokens OS
TraceEnable OFF
The mod_rewrite directives below need to be added to all <VirtualHost> blocks in both of the following locations:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/ssl.conf
Insert this code right before the closing </VirtualHost> tag of each Virtual Host:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
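
An added example, not part of the original post: a small Python check that reads the text of httpd.conf or ssl.conf and reports which <VirtualHost> blocks lack the three rewrite lines, and whether TraceEnable is off at server level. The sample config and the `audit` function are constructed for illustration; a RewriteRule whose hyphen was pasted as a typographic dash is treated as missing, because Apache would not read it as the "no substitution" marker.

```python
import re

# Constructed sample config (not from the original page). The second vhost
# was "pasted" with a typographic dash in RewriteRule, so it must be flagged.
SAMPLE_CONF = """\
TraceEnable Off
<VirtualHost *:80>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
</VirtualHost>
<VirtualHost *:443>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* – [F]
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]*)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
REQUIRED = {
    "RewriteEngine on": re.compile(r"RewriteEngine\s+on$", re.I),
    "RewriteCond": re.compile(r"RewriteCond\s+%\{REQUEST_METHOD\}\s+\S*TRACE\S*TRACK", re.I),
    "RewriteRule [F]": re.compile(r"RewriteRule\s+\S+\s+-\s+\[[^\]]*\bF\b[^\]]*\]", re.I),
}

def audit(conf_text):
    """Return (trace_disabled, {vhost address: [missing directives]})."""
    trace_disabled, findings = False, {}
    current, seen = None, set()     # vhost we are inside, directives seen in it
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                # commented-out directives do not count
        m = VHOST_OPEN.match(line)
        if m:
            current, seen = m.group(1).strip(), set()
        elif VHOST_CLOSE.match(line):
            missing = [name for name in REQUIRED if name not in seen]
            if missing:
                findings[current] = missing
            current = None
        elif current is not None:
            seen.update(n for n, rx in REQUIRED.items() if rx.match(line))
        elif re.match(r"TraceEnable\s+off$", line, re.I):
            trace_disabled = True   # server-level setting, outside any vhost
    return trace_disabled, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Run it against the contents of each of the two files listed above; an empty findings dictionary means every Virtual Host carries the block.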