1

It is a security best practice to disable the HTTP TRACE and TRACK methods in production. What is the best way to do this in an Apache2-based Elastic Beanstalk Deployment (such as Python)?

Zags

1 Answer

1

Setting TraceEnable Off (as suggested here) will only disable TRACE and not TRACK. You'll need to use the rewrite engine for TRACK requests.

Add the following to one of your .config files in .ebextensions:

files:
    "/etc/httpd/conf.d/disable_trace_track.conf":
        mode: "000644"
        owner: root
        group: root
        content: |
            TraceEnable Off
            RewriteEngine on
            <If "%{REQUEST_METHOD} == 'TRACK'">
              RewriteRule .* - [F]
            </If>
Zags
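One way to confirm after deployment that the configuration above took effect, as an added example that is not part of the original answer: it sends TRACE and TRACK and counts a method as disabled only when the server returns an error status without reflecting the request. The probe header name and value are constructed for the check; with this configuration Apache answers TRACE with 405 (`TraceEnable Off`) and TRACK with 403 (the `[F]` rule).

```python
"""Check that an endpoint rejects the HTTP TRACE and TRACK methods."""
import http.client
import sys

MARKER = "X-Trace-Check"   # constructed probe header; looked for in an echoed body
METHODS = ("TRACE", "TRACK")


def probe(host, port, method, use_tls=False, timeout=5):
    """Send one request using `method`; return (status, echoed)."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request(method, "/", headers={MARKER: "probe-1234"})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1", "replace")
        # An enabled TRACE/TRACK handler reflects the request, headers included.
        return resp.status, MARKER.lower() in body.lower()
    finally:
        conn.close()


def is_disabled(status, echoed):
    """Disabled means an error status and no reflection of our request."""
    return status >= 400 and not echoed


def check(host, port, use_tls=False):
    """Return {method: (status, echoed, disabled)} for TRACE and TRACK."""
    results = {}
    for method in METHODS:
        status, echoed = probe(host, port, method, use_tls)
        results[method] = (status, echoed, is_disabled(status, echoed))
    return results


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_trace.py HOST [PORT]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    # Assumption for this example: port 443 means TLS, anything else plain HTTP.
    results = check(sys.argv[1], port, use_tls=(port == 443))
    for method, (status, echoed, ok) in results.items():
        state = "disabled" if ok else "ENABLED"
        print(f"{method}: HTTP {status}, echoed={echoed}, {state}")
    sys.exit(0 if all(r[2] for r in results.values()) else 1)
```

The exit code is non-zero if either method is still accepted, so the script can gate a deployment pipeline step.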