Problem denying TRACE http request method

deyanira87 · June 28, 2023, 5:47pm

I'm using Traefik 2.10 and I need to block the TRACE request. If I execute the comand

curl -k -v -X TRACE https://mywebsite.com

I can check an html an other configuration.

I have a security middleware with an accessControlAllowMethods configuration in a yaml file. The configuration looks like this:

security:
      headers:
          ...
          accessControlAllowMethods:
            - GET
            - POST
          accessControlAllowOriginList:
            ...

But I still can do a curl TRACE request. I was searching an I don't find any solution to block that kind of request.

Does anyone know how to solve that?

Thanks a lot and regards.

bluepuma77 · June 29, 2023, 5:52am

Maybe see this issue comment.

deyanira87 · June 29, 2023, 9:21pm

Thanks a lot, work like a charm.

system · July 2, 2023, 9:22pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.