2011-04-08

Disabling TRACE and TRACK methods

After reading a blog post about how to disable TRACE and TRACK for compliance, I've taken an extra step and limited HTTP requests to only "the big three":
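        RewriteEngine On
        # Reject any request whose method is not exactly GET, HEAD or POST.
        # The trailing $ anchors the match so only exact method names pass.
        RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST)$
        RewriteRule .* - [F]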
It's possible you might want to add "OPTIONS" to that list or "DELETE|PUT" to be RESTful, but as with most implementations, YMMV.
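
One way to confirm the allowlist behaves as intended, as an added example that is not part of the original post: send one request per method and flag any status that disagrees with the rule. `StubHandler` is a constructed local stand-in that mimics the rule's 403 response so the script runs offline; all function names are assumptions, and `probe()` can be pointed at your own server's host and port instead.

```python
import http.client
import re
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED = ("GET", "HEAD", "POST")  # "the big three" from the rule above
PROBES = ALLOWED + ("OPTIONS", "PUT", "DELETE", "TRACE", "TRACK")

class StubHandler(BaseHTTPRequestHandler):
    """Constructed local stand-in for the protected server (not Apache)."""
    def _respond(self):
        ok = re.fullmatch("GET|HEAD|POST", self.command)
        self.send_response(200 if ok else 403)  # [F] answers 403 Forbidden
        self.send_header("Content-Length", "0")
        self.end_headers()
    def __getattr__(self, name):  # route every do_<METHOD> to _respond
        if name.startswith("do_"):
            return self._respond
        raise AttributeError(name)
    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(host, port, methods=PROBES):
    """Send one request per method and return {method: HTTP status}."""
    results = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request(method, "/")
        results[method] = conn.getresponse().status
        conn.close()
    return results

def unexpected(results):
    """Allowed methods that got 403, or other methods that did not."""
    return sorted(m for m, s in results.items() if (m in ALLOWED) == (s == 403))

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    res = run_demo()
    print(res, "unexpected:", unexpected(res))
```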
