PCI compliance often requires disabling the HTTP TRACE method. This can be done by adding the following to your Apache config or httpd.conf file:
In cPanel we typically add this entry in the following file:
Then restart Apache:
Then you can test it:
telnet 127.0.0.1 80
Connected to 127.0.0.1.
Escape character is '^]'.
TRACE / HTTP/1.0
testing… <- ENTER twice

You should receive an error, i.e.:

HTTP/1.1 403 Forbidden
Date: Sat, 20 Oct 2007 20:38:31 GMT
Server: Apache/2.2.6 (Debian) PHP/4.4.4-9 mod_ruby/1.2.6 Ruby/1.8.6(2007-06-07)
Content-Length: 320
Connection: close
Content-Type: text/html; charset=iso-8859-1
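The telnet check above can be scripted so it is repeatable after every config change. This is an added example, not part of the original post: it sends the same TRACE request with a marker header and reports whether the server echoed it back. The header name `X-Trace-Check`, the function names and the rule that any 4xx/5xx reply without an echo counts as disabled are assumptions of this sketch.

```python
import socket
import sys

MARKER = b"X-Trace-Check: constructed-marker-1"  # hypothetical header; echoed back if TRACE is live

def build_probe(host):
    """Same request the telnet session types by hand, plus the marker header."""
    return b"TRACE / HTTP/1.0\r\nHost: " + host.encode("ascii") + b"\r\n" + MARKER + b"\r\n\r\n"

def classify(raw):
    """Return 'enabled', 'disabled' or 'inconclusive' for a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "inconclusive"      # first line is not an HTTP status line
    status = int(parts[1])
    if MARKER in body:
        return "enabled"           # server reflected our request: TRACE is live
    if 400 <= status < 600:
        return "disabled"          # e.g. the 403 Forbidden shown above
    return "inconclusive"          # 2xx/3xx without an echo: inspect by hand

def probe(host="127.0.0.1", port=80, timeout=5.0):
    """Send the probe to a server you administer and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe(host))
        chunks = []
        while True:                # HTTP/1.0: the server closes when it is done
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify(b"".join(chunks))

# Constructed sample responses (not captured traffic).
SAMPLE_BLOCKED = (b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n"
                  b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n<html>Forbidden</html>")
SAMPLE_ECHOED = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                 + build_probe("127.0.0.1"))

if __name__ == "__main__":
    print("blocked sample:", classify(SAMPLE_BLOCKED))
    print("echoed sample: ", classify(SAMPLE_ECHOED))
    if len(sys.argv) > 1:          # only touch the network when a host is given
        print(sys.argv[1], "->", probe(sys.argv[1]))
```

With no argument the script only classifies the two constructed samples; pass a hostname to run the live check against your own server.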