Disabling HTTP TRACE method in Apache

Greetings,

I am trying to disable the HTTP TRACE method in Apache.
For that I add the following configuration lines in httpd.conf


<Directory />
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</Directory>

After that I tried to check whether TRACE method is disabled or
not.
using the following commands.

telnet 172.16.16.25 80
Trying 172.16.16.25...
Connected to 172.16.16.25 (172.16.16.25).
Escape character is '^]'.
TRACE / HTTP/1.1
Host: 172.16.16.25

HTTP/1.1 200 OK
Date: Tue, 26 Feb 2008 21:06:29 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: message/http

28
TRACE / HTTP/1.1
Host: 172.16.16.25

0

Connection closed by foreign host.

The output confirms that TRACE method was not disabled.
Please clarify me how to disable HTTP TRACE method.
I am using the following Apache version

Server version: Apache/2.2.8 (Unix)
Server built: Feb 18 2008 12:23:43

With Thanks in Advance.

regards
zaman

On 26.02.2008, bzaman <bzaman.laskar@gmail.com> wrote:
> Greetings,
>
> I am trying to disable the HTTP TRACE method in Apache.
> For that I add the following configuration lines in httpd.conf
>
>
> <Directory />
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^TRACE
> RewriteRule .* - [F]
> </Directory>

And why don't you simply disable this method (<Method ...> directive
with mod_access) instead of messing with mod_rewrite?

--
Secunia non olet.
Stanislaw Klekot

On Tue, 26 Feb 2008 03:54:58 -0800 (PST)
bzaman <bzaman.laskar@gmail.com> wrote:

> I am trying to disable the HTTP TRACE method in Apache.

TraceEnable Off


Regards,
Ertugrul.


--
http://ertes.de/