That's strange. I've always been able to disable successfully Trace
and Track through adding the following line to the config file:
TraceEnable off
I'd think I'd be inclined to argue for that being set by default, but it
depends on whether PCI-DSS compliance is valued over RFC compliance as
The point is passing Credit Card compliance tests. OOB, Ubuntu doesn't do so
well. Spent the last two weeks getting through the process. I'll write it up
in some detail but the key points were:
- ciphers
- protocols
- ip separation
- NameVirtualHosts
- no default directory paths
