TRACE / TRACK vulnerability testing
Posted on 2009-04-02
I have Apache httpd server (version 2.2.3) running and our security team has asked that we lock it down to TRACE and TRACK vulnerabilities. i have read that i can use "TraceEnable off" to turn it off, but how do i test before and after to see that it really is an issue and that it is fixed after i make the change?
how do i test it and what should i see as the result?
Also, we redirect all http traffic to https, so is this still an issue?
thanks in advance for you help.