Overview
Another security scanner program such as Nessus discovers that the GFI LanGuard Apache communication server has the 'HTTP Trace / Track Methods' vulnerability even though it up to date.
Environment
- GFI LanGuard 2012 or newer
- All supported environments
Root Cause
There is some discussion as to whether this is actually a vulnerability. Turning off the TRACE function should not affect the functionality of GFI LanGuard.
Resolution
This vulnerability alerts you to the fact that the TRACE function is active. You can disable the TRACE function in the GFI LanGuard Apache communication server. In the procedure below XX in the folder name corresponds to the GFI LanGuard version number.
Follow these steps:
- Navigate to the following folder in your GFI LanGuard installation directory:
- for a 64 bit OS:
C:\Program Files (x86)\GFI\LanGuard XX Agent\Httpd\conf\ - for a 32 bit OS: or
C:\Program Files\GFI\LanGuard XX Agent\Httpd\conf\
- for a 64 bit OS:
- Edit the file httpd.conf in Notepad.
- Search for the line:
Listen 80 - Add a line immediately after it with the text
TraceEnable off - Restart the GFI LanGuard Attendant service.