I have an application that needs to pass a security review. I'm using Laravel Forge and the item in question is:
The application web server must be configured to disable the TRACE and other HTTP methods if not being used.
I tested it using
curl -v -X TRACE http://www.yourserver.com
via this guide:
https://security.stackexchange.com/questions/31659/testing-for-http-trace-method
And it didn't return an error message so I'm assuming that I still need to disable TRACE.
What's the best way to accomplish this using Laravel Forge?
You can edit your nginx configuration in Forge, so you just need to add a method filter in your conf:
# Allow only GET, HEAD and POST; 444 makes nginx close the connection without sending a response.
if ($request_method !~ ^(GET|HEAD|POST)$) {
    return 444;
}
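An added example, not part of the original answer: a Python check for verifying the filter once it is deployed. Because nginx's `return 444` closes the connection without replying, a blocked method shows up as a dropped connection rather than an error status, and the script reports that case separately. `StubFilter` and `start_stub` are a constructed localhost stand-in for the filtered server (an assumption so the script runs offline); call `audit` with your own host and port to check the real one.

```python
import http.client
import socketserver
import threading

ALLOWED = {"GET", "HEAD", "POST"}  # same allow-list as the nginx filter
METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE")

def probe(host, port, method, timeout=5):
    """Return the HTTP status, or None when the server closes the
    connection without sending a response (nginx's `return 444`)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, "/")
        return conn.getresponse().status
    except ConnectionError:  # includes http.client.RemoteDisconnected
        return None
    finally:
        conn.close()

def audit(host, port, methods=METHODS):
    """Classify each method as 'served', 'rejected' (405/501) or 'dropped'."""
    verdicts = {}
    for method in methods:
        status = probe(host, port, method)
        verdicts[method] = ("dropped" if status is None else
                            "rejected" if status in (405, 501) else "served")
    return verdicts

class StubFilter(socketserver.StreamRequestHandler):
    """Constructed stand-in for the filtered server, not nginx itself."""
    def handle(self):
        method = self.rfile.readline().split(b" ")[0].decode()
        while self.rfile.readline() not in (b"\r\n", b"\n", b""):
            pass  # drain the request headers before deciding
        if method in ALLOWED:
            self.wfile.write(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n"
                             b"Connection: close\r\n\r\n")
        # any other method: return without writing, so the socket just closes

def start_stub():
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), StubFilter)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

if __name__ == "__main__":
    server, port = start_stub()
    for method, verdict in audit("127.0.0.1", port).items():
        print(f"{method:8} {verdict}")
    server.shutdown()
```

A method reported as "served" still needs to be one the application actually uses; anything else belongs outside the allow-list.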