For PCI compliance it’s often required that you disable the trace method. This can be done by adding the following to your apache config or httpd.conf file:
In cpanel we typically add this entry in the following file:
Then restart apache:
Then you can test it:
telnet 127.0.0.1 80
Connected to 127.0.0.1.
Escape character is ‘^]’.
TRACE / HTTP/1.0
testing… <- ENTER twice You should receive an error - i.e. HTTP/1.1 403 Forbidden Date: Sat, 20 Oct 2007 20:38:31 GMT Server: Apache/2.2.6 (Debian) PHP/4.4.4-9 mod_ruby/1.2.6 Ruby/1.8.6(2007-06-07) Content-Length: 320 Connection: close Content-Type: text/html; charset=iso-8859-1