IBM Support

Disabling the TRACE Method or XSS Using for HTTP

Troubleshooting


Problem

This document provides directives to disable the Trace method in the Apache HTTP server. The Trace method is also known as "Cross-Site Tracing" or XST.

Resolving The Problem

The following directive can be used to disable the Trace method in the HTTP configuration (i.e /www/servername/conf/httpd.conf). It is also known as the Trace Track method or XST for Cross-Site Tracing. It is also referred to as XSS.

  • TraceEnable Off


This directive can be put in the global server area. It is inherited in Virtual Host containers.

Alternate Method:

The following lines can be added to the configuration to disable TRACE and TRACK:


  • RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [F]
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"Communications-TCP","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Historical Number

407265034

Document Information

More support for:
IBM i

Software version:
Version Independent

Operating system(s):
IBM i

Document number:
637701

Modified date:
18 December 2019

UID

nas8N1015092

Manage My Notification Subscriptions

Page Feedback