If you like to keep your VPS hosting server or dedicated server secure you may need to disable TRACE or TRACK methods for Apache web server. We highly recommended this it is required in order to be PCI Compliant too.

It is very easy to disable tracing for Apache if you are using a cPanel based VPS or dedicated server.

Here are the steps how to do this:

1. Login to your cPanel's hosting admin panel - Web Hosting Manager (WHM)
2. Then you will see a link Service Configuration. Now click on the link for Apache Configuration
3. Click on the Global Configuration link
4. The second option you will see is "TraceEnable".  Set this option to "Off"
5. Restart the Apache Web Server

After this is done you can test and verify that the Apache TRACE method is disabled for your VPS hosting server or dedicated server. 

You can do it either like:

Internal test from SSH Shell:

telnet localhost 80

The response to this should be waiting on a character, proves that the connection can not be made, and can exit from this by pressing Ctrl+c on the keyboard.

External test from a remote web site:

http://web-sniffer.net/

Just can enter your domain name or IP address for your web server and select the button TRACE. After the test finish, you will see the HTTP Response Headers the following message:

"HTTP Status Code: HTTP/1.1 405 Method Not Allowed"

Was this answer helpful? 0 Users Found This Useful (0 Votes)