Index


Overview

The HTTP TRACE method performs a message loop-back test along the path to a target resource, providing useful debugging/fault tracing information. By default, the Statseeker web server has HTTP Trace enabled, and for some users this is a security concern.

[top]

Disabling HTTP Trace

To disable HTTP Trace:

  • Open an SSH session to your Statseeker server, initially you will need to log in as the statseeker user
  • Switch to the root user via the su command, entering the password when prompted
Note: during the Statseeker installation process, a single password is assigned to the root and statseeker server accounts, as well as the admin Statseeker user account. If the event that the root user password needs to be reset, see Reset the Root Server Password from the CLI.
  • Move to the Apache directory
# cd /usr/local/etc/apache24
  • Open the httpd.conf file
# vi httpd.conf
  • Hit o to insert a new line, this will also move the cursor into that new line
  • Hit i to switch to insert mode
Note: if you are unfamiliar with using the vi text editor, see FreeBSD’s Vi Editor page.

[top]

  • Enter the following:
TraceEnable off
  • Hit Esc (escape) to exit insert mode (feel free to hit it a few times to be sure, I know I always do)
  • Enter the following to save and quit editing the file:
:wq!
  • Restart the Apache service with:
service apache24 restart