Skip to content

TechDirectArchive

Hands-on IT, Cloud, Security, Veeam & DevOps

  • Home
  • About
  • Advertise With US
  • Reviews
  • Contact
  • Toggle search form

How to Disable HTTP TRACE Method for Apache, IIS, sunOne, and Lotus Domino

Posted on 03/11/202009/09/2023 IT Expert By IT Expert No Comments on How to Disable HTTP TRACE Method for Apache, IIS, sunOne, and Lotus Domino
  1. Home
  2. Web Server
  3. How to Disable HTTP TRACE Method for Apache, IIS, sunOne, and Lotus Domino
Disable HTTP TRACE Method

The HTTP TRACE method is normally used to return the full HTTP request back to the requesting client for proxy-debugging purposes. An attacker can create a webpage using XMLHTTP, ActiveX, or XMLDOM to cause a client to issue a TRACE request and capture the client’s cookies. This effectively results in a Cross-Site Scripting attack. In this post, I will be explaining how to disable HTTP trace method for Apache, IIS, SunOne, and Lotus Domino.

Kindly refer to some of these interesting guides: How to install and configure FTP server on Windows 10, Event ID 5059: Application pool has been disabled or Changing identity user for IIS Application Pool, and how to Disable HTTP TRACE Method for Apache, IIS, sunOne, and Lotus Domino. These steps were tested on Windows Server 2019, and 2022. Please refer to the guide on how to resolve this concern: Warning: FTP over TLS is not enabled, users cannot securely log in: You appear to be behind a NAT Router, please configure the passive mode settings and forward a range of ports in your router.

Disable HTTP TRACE Method for Apache
Newer versions of Apache (1.3.34 and 2.0.55 and later) provide a configuration directive called TraceEnable. 

Consequently, To deny TRACE requests, add the following line to the server configuration:
TraceEnable off

Furthermore, For older versions of the Apache webserver, use the mod_rewrite module to deny the TRACE requests:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

Disable HTTP TRACE Method for Microsoft IIS
Nonetheless, For Microsoft Internet Information Services (IIS), you may use the URLScan tool, freely available at this link.

Disable HTTP TRACE Method for SunONE/iPlanet
However, For Sun ONE/iPlanet Web Server v6.0 SP2 and later, add the following configuration to the top of the default object in the ‘obj.conf’ file:

< Client method="TRACE" >
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
< /Client >

Disable HTTP TRACE Method for Domino
In addition, Follow IBM’s instructions for disabling HTTP methods on the Domino server by adding the following line to the server’s NOTES.INI file:
HTTPDisableMethods=TRACE
After saving NOTES.INI, restart the Notes web server by issuing the console command "tell http restart"

Moreover, Following the steps above should help, and it should not be captured during penetration testing on your servers.

Rate this post

Thank you for reading this post. Kindly share it with others.

  • Share on X (Opens in new window) X
  • Share on Reddit (Opens in new window) Reddit
  • Share on LinkedIn (Opens in new window) LinkedIn
  • Share on Facebook (Opens in new window) Facebook
  • Share on Pinterest (Opens in new window) Pinterest
  • Share on Tumblr (Opens in new window) Tumblr
  • Share on Telegram (Opens in new window) Telegram
  • Share on WhatsApp (Opens in new window) WhatsApp
  • Share on Mastodon (Opens in new window) Mastodon
  • Share on Bluesky (Opens in new window) Bluesky
  • Share on Threads (Opens in new window) Threads
  • Share on Nextdoor (Opens in new window) Nextdoor
Web Server Tags:IIS

Post navigation

Previous Post: User account and process management in Linux
Next Post: The logon attempt failed for the remote desktop connection

Related Posts

  • Hyper V Virtual Switch Copy
    How to Create VDI Collections on Windows Server 2022 Network | Monitoring
  • hgjk
    Understanding the different types of Proxy Servers Web Server
  • apache ubuntu 20 04
    How to Install Apache HTTP Server on Ubuntu 20.04 LTS Linux
  • Secure Web Server
    How to secure a Web Server on a Windows VM in Azure using TLS/SSL Certificates Saved in Azure Key Vault AWS/Azure/OpenShift
  • http to https redirection
    URL Rewrite: How to redirect from HTTP to HTTPS Web Server
  • kerberosdelegation
    Kerberos Delegation: A Comprehensive Guide Web Server

More Related Articles

Hyper V Virtual Switch Copy How to Create VDI Collections on Windows Server 2022 Network | Monitoring
hgjk Understanding the different types of Proxy Servers Web Server
apache ubuntu 20 04 How to Install Apache HTTP Server on Ubuntu 20.04 LTS Linux
Secure Web Server How to secure a Web Server on a Windows VM in Azure using TLS/SSL Certificates Saved in Azure Key Vault AWS/Azure/OpenShift
http to https redirection URL Rewrite: How to redirect from HTTP to HTTPS Web Server
kerberosdelegation Kerberos Delegation: A Comprehensive Guide Web Server

Leave a Reply Cancel reply

You must be logged in to post a comment.

Microsoft MVP

VEEAMLEGEND

vexpert-badge-stars-5

Virtual Background

GoogleNews

Categories

veeaam100

Veeam Vanguard

  • 2FA For SSH in Linux
    Set Two-Factor Authentication for SSH in Linux Linux
  • fix frequent shutdown due to licensing issues   Windows
    Fix Windows Server frequent disconnects and shutdown Windows Server
  • maxresdefault
    How to stop Microsoft Edge from remembering your email ID Windows
  • Feature image Install.wim file
    How To Get Install.WIM From Windows 10 Installation File Windows
  • ESXi
    How to install ESXi on VirtualBox Virtualization
  • get computer specific model information
    How to get Windows PC specific Model information Windows
  • updates
    Out-of-Band Security Update for PrintNightmare: Patch released for Windows Print Spooler Remote Code Execution Vulnerability Security | Vulnerability Scans and Assessment
  • BitLocker MBAM Frequently Asked Questions
    Disable the Sleep Mode: UEFI and TPM and BitLocker FAQs Windows

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,791 other subscribers
  • RSS - Posts
  • RSS - Comments
  • About
  • Authors
  • Write for us
  • Advertise with us
  • General Terms and Conditions
  • Privacy policy
  • Feedly
  • Telegram
  • Youtube
  • Facebook
  • Instagram
  • LinkedIn
  • Tumblr
  • Pinterest
  • Twitter
  • mastodon

Tags

Active Directory Azure Bitlocker Microsoft Windows PowerShell WDS Windows 10 Windows 11 Windows Deployment Services Windows Server 2016

Copyright © 2025 TechDirectArchive

Loading Comments...

You must be logged in to post a comment.