02-26-2008
bzaman
Disabling HTTP TRACE method in Apache

Greetings,

I am trying to disable the HTTP TRACE method in Apache.
For that I added the following configuration lines to httpd.conf:


<Directory />
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</Directory>

After that I tried to check whether the TRACE method is disabled or
not, using the following commands.

telnet 172.16.16.25 80
Trying 172.16.16.25...
Connected to 172.16.16.25 (172.16.16.25).
Escape character is '^]'.
TRACE / HTTP/1.1
Host: 172.16.16.25

HTTP/1.1 200 OK
Date: Tue, 26 Feb 2008 21:06:29 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: message/http

28
TRACE / HTTP/1.1
Host: 172.16.16.25

0

Connection closed by foreign host.

The output confirms that the TRACE method was not disabled.
Please clarify for me how to disable the HTTP TRACE method.
I am using the following Apache version:

Server version: Apache/2.2.8 (Unix)
Server built: Feb 18 2008 12:23:43

With thanks in advance.

Regards,
zaman
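
The check from the telnet session above as a script, added here as an example and not part of the original post: it parses a raw response to a TRACE request, decodes the chunked body, and reports whether the server echoed the request back. The function names and the 403 sample are constructed for illustration; `probe` sends the same request as the telnet session and is meant for a server you administer.

```python
import socket
# Added example. Constructed samples: the response shown in the post, and a 403 as sent by [F].
ECHO = b"TRACE / HTTP/1.1\r\nHost: 172.16.16.25\r\n\r\n"
ENABLED = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\nTransfer-Encoding: chunked\r\n"
           b"Content-Type: message/http\r\n\r\n28\r\n" + ECHO + b"\r\n0\r\n\r\n")
FORBIDDEN = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 9\r\n\r\nForbidden"

def dechunk(data: bytes) -> bytes:
    out = b""
    while data:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0].strip() or b"0", 16)  # hex chunk size
        if size == 0:
            break
        out += data[:size]
        data = data[size + 2:]  # skip the chunk and its trailing CRLF
    return out

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = dechunk(body)
    return status, headers, body

def trace_status(raw: bytes) -> str:
    """Classify a response to TRACE: enabled, disabled or inconclusive."""
    if not raw.startswith(b"HTTP/"):
        return "inconclusive"
    status, headers, body = parse_response(raw)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if status == 200 and ctype == "message/http" and body.startswith(b"TRACE "):
        return "enabled"   # the server echoed the request back
    if status in (403, 405, 501):
        return "disabled"  # forbidden, not allowed, or not implemented
    return "inconclusive"

def probe(host: str, port: int = 80) -> str:
    req = f"TRACE / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(req)
        raw = b"".join(iter(lambda: s.recv(4096), b""))  # read until the server closes
    return trace_status(raw)
```

Apache 2.2 also has the core directive `TraceEnable off`, set in the server configuration, which turns TRACE handling off without mod_rewrite.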
