{"id":565,"date":"2012-07-23T20:46:00","date_gmt":"2012-07-23T20:46:00","guid":{"rendered":"http:\/\/www.omniweb.com\/wordpress\/?p=565"},"modified":"2012-07-23T20:48:34","modified_gmt":"2012-07-23T20:48:34","slug":"how-to-test-and-disable-trace-requests-in-apache","status":"publish","type":"post","link":"https:\/\/www.omniweb.com\/wordpress\/?p=565","title":{"rendered":"How to test and disable TRACE requests in Apache"},"content":{"rendered":"<p>Some PCI compliance tests may fail due to &#8220;TRACE&#8221; being allowed on the web server.<br \/>\nTo test whether your web server allows TRACE, do this:<br \/>\n<code><br \/>\ntelnet 127.0.0.1 80<br \/>\nTRACE \/ HTTP\/1.0<br \/>\nHost: www.whatever.com<br \/>\n[CR]  (blank line with carriage return only)<br \/>\n<\/code><br \/>\nInstead of &#8216;[CR]&#8217;, enter a blank line after the &#8220;Host: www.whatever.com&#8221; line.  If your server outputs some information including the same &#8216;Host: www.whatever.com&#8217; that you entered, you are &#8220;vulnerable&#8221;.<\/p>\n<p>To disable TRACE, add this to the Apache httpd.conf &#8220;Main server configuration&#8221; section:<\/p>\n<p><code># Disable Trace requests:<br \/>\nTraceEnable off<br \/>\n<\/code><\/p>\n<p>Then restart Apache.  The test above should return a document stating &#8220;405 Method Not Allowed&#8221; &#8211; you are now in compliance (for this test at least!)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some PCI compliance tests may fail due to &#8220;TRACE&#8221; being allowed on the web server. 
To test whether your web server allows TRACE, do this: telnet 127.0.0.1 80 TRACE \/ HTTP\/1.0 Host: www.whatever.com [CR] ( blank line with carriage return &hellip; <a href=\"https:\/\/www.omniweb.com\/wordpress\/?p=565\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.omniweb.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/565"}],"collection":[{"href":"https:\/\/www.omniweb.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.omniweb.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.omniweb.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.omniweb.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=565"}],"version-history":[{"count":4,"href":"https:\/\/www.omniweb.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/565\/revisions"}],"predecessor-version":[{"id":576,"href":"https:\/\/www.omniweb.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/565\/revisions\/576"}],"wp:attachment":[{"href":"https:\/\/www.omniweb.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.omniweb.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.omniweb.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}