I have an application that needs to pass a security review. I'm using Laravel Forge and the item in question is:

The application web server must be configured to disable the TRACE and other HTTP methods if not being used.

I tested it using

curl -v -X TRACE http://www.yourserver.com

via this guide:

https://security.stackexchange.com/questions/31659/testing-for-http-trace-method

And it didn't return an error message so I'm assuming that I still need to disable TRACE.

What's the best way to accomplish this using Laravel Forge?

Community
Citizen

1 Answer

You can edit your nginx configuration in Forge, so you just need to add a method filter in your conf:

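# Allow only GET, HEAD and POST. For any other method, return 444:
# an nginx-specific code that closes the connection without sending a response.
if ($request_method !~ ^(GET|HEAD|POST)$ )
{
    return 444;
}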
Antonio Carlos Ribeiro
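An added example, not part of the original question or answer: a small script for re-running the curl check across several methods and interpreting the result. With `return 444` there is no error status to read, because curl receives an empty reply (exit code 52, status `000`). The function names and verdict labels are hypothetical, and the URL is whatever server you pass as the first argument.

```bash
#!/bin/sh
# Added example: audit which HTTP methods your own server still answers.
# Usage (URL is supplied by you): sh audit_methods.sh http://www.yourserver.com

# classify_result CURL_EXIT HTTP_CODE -> prints a verdict label (labels are hypothetical)
classify_result() {
    cr_exit=$1
    cr_code=$2
    if [ "$cr_exit" -eq 52 ]; then
        # curl exit 52 = "Empty reply from server": what a client sees
        # when nginx answers with "return 444"
        echo "blocked-closed"
    elif [ "$cr_exit" -ne 0 ]; then
        # DNS failure, refused connection, timeout: nothing can be concluded
        echo "error"
    else
        case "$cr_code" in
            405|501) echo "blocked-status" ;;  # Method Not Allowed / Not Implemented
            2??)     echo "allowed" ;;         # the method was processed
            *)       echo "review" ;;          # redirects, 403, 404: check by hand
        esac
    fi
}

# probe_method METHOD URL -> one report line for that method
probe_method() {
    pm_rc=0
    pm_code=$(curl -s -o /dev/null -m 10 -X "$1" -w '%{http_code}' "$2") || pm_rc=$?
    printf '%-8s status=%s curl_exit=%s -> %s\n' \
        "$1" "$pm_code" "$pm_rc" "$(classify_result "$pm_rc" "$pm_code")"
}

# GET is the control; the rest fall outside the GET|HEAD|POST allowlist.
audit_methods() {
    for am_method in GET PUT DELETE PATCH OPTIONS TRACE; do
        probe_method "$am_method" "$1"
    done
}

# Only touch the network when a URL was given on the command line.
if [ -n "${1:-}" ]; then
    audit_methods "$1"
fi
```

After applying the filter, GET should report `allowed` (or `review` if the site redirects) and every other method in the list should report `blocked-closed`.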