What is HTTP Trace ? Apache Hardening Tutorial
This article is part of the Apache Hardening and Securing tutorial series. This time we will be taking a look on HTTP Trace find how to check if you are vulnerable and how to fix it.
If your webserver has the HTTP Trace enabled this going to put it into a risk of Cross-Site Tracing and use of Cross-site Scripting (XSS).
TRACE: This method simply echoes back to the client whatever string has been sent to the server, and is used mainly for debugging purposes.
The TRACE method, while it looks fine, it can be used in some scenarios to steal customers' credentials. It allows the client to see what is being received at the other end of the request.
This attack method was first discovered in 2003.
Find if your Web-server is Vulnerable
To check if the trace is enabled by default or not disabled you can use curl for that.
-k To perform insecure connection.
-X Use specified proxy
curl -k -X TRACE https://ip.ip.ip.ip/
If the HTTP Trace is enabled you will be getting something similar to below output and means that you are vulnerable to cross site tracing.
TRACE /phpinfo.php HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Disable HTTP Trace and Secure your Web-server
service httpd restart
After disabling HTTP Trace try the curl command to check the status:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<p>You don't have permission to access /phpinfo.php
on this server.</p>
<address>Apache/2.2.3 (Red Hat) Server at ip.ip.ip.ip Port 443</address>