Deny TRACE requests
Problem:
You wish to deny TRACE requests to your site.
Recipe:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule ^ - [F]
Discussion:
It's not at all clear that there's any real danger presented by the TRACE method. However, some people feel that there is, and this recipe should serve to set their minds at ease. Also a similar method may be used to block the SEARCH requests associated with the IIS WebDAV exploit that may be plagueing your log files, as follows:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^SEARCH
RewriteRule ^ - [F]
As you'll see in other recipes, you can check any environment variable that you're interested in.