How to disable the HTTP TRACE method from the IIS Server

To disable the HTTP TRACE method from the Window Server using IIS.

Add the following in web.config

    <system.webServer>
     <security>
         <requestFiltering>
            <verbs applyToWebDAV=”false”>
               <add verb=”TRACE” allowed=”false” />
            </verbs>
         </requestFiltering>
      </security>

    </system.webServer>

Use http://web-sniffer.net/ to verify the implementation.

Leave a Reply

Your email address will not be published. Required fields are marked *