Hello,
Currently we are using Apache 2.0.46. On the 1.3.x version we always used
the following mod_rewrite rule to disable the TRACE option:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
When using these rules on Apache 2.0.46, TRACE is still possible. Beside the
fact that the whole TRACK & TRACE
"security issue" is not that interesting, I still wonder how TRACE can be
disabled in Apache 2.0.46. I've also tried the TraceEnable option but that
options seems to be supported in 2.0.55 and later only.
Hope someone can point me in the right direction.
Kind Regards,
Jeroen.
