ISPConfig Disable TRACE

By default, ISPConfig leaves the HTTP TRACE method enabled, which HackerSafe PCI and ControlScan mark as a level 3 security vulnerability. Here's how to disable it in ISPConfig:

First, make sure you are upgraded to the latest version, since this only works in Apache >= 1.3.34.

File: /root/ispconfig/httpd/conf/httpd.conf

Add the following line at the bottom:

TraceEnable off

This will remove TRACE from the ISPConfig admin area (port 81).

Next, find your httpd server's configuration file, usually one of these:
/etc/httpd/conf/httpd.conf
/etc/apache2/apache2.conf

Add this line to the bottom:

TraceEnable off

This will remove it for ports 80 and 443.

Run the following lines to reload/restart your servers:

/etc/init.d/httpd reload
/etc/init.d/ispconfig_server restart

If you get any errors while reloading, then your Apache version is too old to support the TraceEnable directive and you should upgrade.

To make sure it worked, use my other post: HTTP Test TRACE Enabled
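
One way to check the result of the steps above, as an added example that is not part of the original post: it reads the effective TraceEnable value from the config files named here and, given URLs of your own server, sends a TRACE request and reports a 405 answer as disabled. The function names are made up for this example, and it assumes awk and curl are installed.

```shell
#!/bin/sh
# Added example: audit the TraceEnable setting in the config files named above
# and, optionally, probe live listeners. Function names are hypothetical.

# Print the value of the last uncommented TraceEnable directive in file $1.
# Prints "on" when the directive is absent (the Apache default).
# Limitation: Include'd files and <VirtualHost> overrides are not followed.
trace_setting() {
    awk '
        BEGIN { val = "on" }
        /^[ \t]*#/ { next }                                  # comment line
        tolower($1) == "traceenable" { val = tolower($2) }   # names are case-insensitive
        END { print val }
    ' "$1"
}

# Map the HTTP status of a TRACE request to a verdict.
# Apache answers 405 when TraceEnable is off and 200 when TRACE is served.
trace_verdict() {
    case "$1" in
        200) echo "enabled" ;;
        405) echo "disabled" ;;
        *)   echo "unknown" ;;
    esac
}

# Send one TRACE request to URL $1 and print the verdict.
# -k accepts a self-signed certificate on your own server (assumption).
probe_trace() {
    code=$(curl -s -k -m 10 -o /dev/null -w '%{http_code}' -X TRACE "$1") || code=000
    trace_verdict "$code"
}

# Config audit: the paths are the ones given in the post.
for f in /root/ispconfig/httpd/conf/httpd.conf \
         /etc/httpd/conf/httpd.conf /etc/apache2/apache2.conf; do
    if [ -f "$f" ]; then
        echo "$f: TraceEnable $(trace_setting "$f")"
    fi
done

# Live probe: pass URLs of your own server as arguments,
# for example http://localhost/ and the port 81 admin URL.
for url in "$@"; do
    echo "$url: TRACE $(probe_trace "$url")"
done
```

Run it as root so it can read /root/ispconfig/httpd/conf/httpd.conf.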