Blocking TRACE and TRACK HTTP methods


#1

Greetings! I tried blocking TRACE/TRACK on my server, but can’t seem to make it happen. I use Movable Type, and I already have RewriteEngine enabled, so I just found:

RewriteEngine on

… and inserted these two lines:

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

It doesn’t seem to have any effect though. I also tried [F,L] - L being “last rule” - still no dice. The web server continues to respond just fine though, even with the above added in.

Is it pilot error on my part? [scratches head slightly] Clues welcome/appreciated!

  • Joe