In order to improve the security of your site (and your users), you should disable the TRACE
method from your web server. This method has no real-life usage and can be misused for XST (cross-site tracing) attacks.
That is how you can disable it on Apache (via .htaccess):
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
These documents explain it in detail:
Sucuri Customers
Note that all WAF users are already protected against it.
If you have any questions, please contact our research team at research@sucuri.net.
Was this article helpful?