Microsoft Internet Information Services allows you to host websites on your computer that are available to an intranet or Internet users. During development and testing of the website, the HTTP Trace method can be a helpful troubleshooting tool. HTTP Trace allows you to view the information the server is receiving from the client-side browser. While beneficial for troubleshooting during development, the United States Computer Emergency Response Team (US-CERT) recognizes this as a vulnerability in production systems due to its potential to expose sensitive information. Using IIS 6.0, you can manually disable the HTTP Trace functionality.
Things You'll Need
- Administrative access
Log in to Windows using an administrative account.
Click "Start." In the search box on Windows Vista or Windows 7, type "regedit" and press "Enter." On older versions of Windows, click "Run" and type "regedit" there. Vista users may need to click "Continue" on the User Account Control window.
Navigate through the path below by double-clicking the entries or expanding them using the plus (+) signs on the left pane of the registry editor window.
In the right pane, double-click on "EnableTraceMethod" to edit the value. The Reg_DWORD value should be set to 0 to disable the trace feature.
Exit the registry editor.
Restart IIS either by typing "net stop iis" followed by "net start iis" at a command prompt, or restarting the computer.
Tips & Warnings
- Registry editing should only be done by advanced users. Improperly editing the registry can cause problems launching applications or starting the computer.
- Photo Credit John Foxx/Stockbyte/Getty Images