locked
Disabling TRACE on Port 443 RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User209787992 posted

    My school's IT support is not helping me out, so I'm asking for help here.

    They want me to disable the TRACE command on HTTP. I did that. But they said I also need to disable TRACE on HTTPS or port 443. Is that a different procedure?

    Thank you

    Khoi

    Friday, February 5, 2021 9:46 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User690216013 posted

    I did that.

    What did you do exactly?

    Saturday, February 6, 2021 2:23 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User1771714573 posted

    Hi artysporty,

    I don't know how did you disable TRACE on HTTP, but IIS7 and 10 disable TRACE by default. Only IIS8.5 allows TRACE.

    There is no different about disable TRACE on http and port. When TRACE is disabled on server, all request to it will be affected, whatever http and port.

    You can disable TRACE in Request Filter of IIS. Just add Deny Verb.

    Best regards,

    Brucz

    Sunday, February 7, 2021 7:58 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User209787992 posted

    Hi All,

    Yes I blocked the HTTP verbs for TRACE and the infosecurity team at my school confirmed that TRACE was block on HTTP, but not on HTTPS. From what you guys/gals are telling me, this should disable all TRACE on all ports 80 & 443?

    Thank you!!

    Monday, February 8, 2021 4:12 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User1771714573 posted

    Hi artysporty,

    Did you test it correctly? Follow the method I gave you, regardless of http or https, TRACE will be disabled.

    This is http:

    This is https:

    Best regards,

    Brucz

    Monday, February 8, 2021 8:12 AM