Disable TRACE and PUT methods

Hi There,
I would like to disable PUT and TRACE verbs on Windows 2008 IIS that is running Terminal Services and Desktop RemoteApp.
I cannot find any information if PUT or TRACE is a requirement for Terminal Service or if can be safely disabled without breaking anything,
Any thoughts ?
Thanks,



Run a packet monitor such as wireshark to see if PUT and TRACE are used at all.

PUT might be used when transfering files over a RDP mapped drive.

I'd be surprised if TRACE is used in any form; but would test clipboard use while running wireshark just to make sure.

More likely then not RDP over HTTP is normal RDP traffic in some sort of encapsulated tunnel based on HTTP or HTTPS.



Run a packet monitor such as wireshark to see if PUT and TRACE are used at all.

PUT might be used when transfering files over a RDP mapped drive.

I'd be surprised if TRACE is used in any form; but would test clipboard use while running wireshark just to make sure.

More likely then not RDP over HTTP is normal RDP traffic in some sort of encapsulated tunnel based on HTTP or HTTPS.



Would I be able to see TRACE and PUT inside https traffic using wireshark?



Yes, you can, however it requires a bit of prep work here is a great read up on it: http://packetpushers.net/using-wireshark-to-decode-ssltls-packets/

An easier solution might be to run something like Fiddler (http://www.telerik.com/fiddler) .



If you have HTTP logging enabled, you will find the verbs used under "cs-method" column in the log files. It's a lot easier to enable logging than to drop wireshark on a server and try to interpret/analyze trace logs... IMHO.

Dan



Share this

Related Posts

There was an error in this gadget