From 70be5b6bb2b65821db34b4b6146666b9c38dac51 Mon Sep 17 00:00:00 2001
From: Aaron Andersen <aaron@fosslib.net>
Date: Thu, 7 Feb 2019 14:13:45 -0500
Subject: [PATCH] nixos/httpd: disable HTTP TRACE method by default

---
 nixos/modules/services/web-servers/apache-httpd/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix
index b520996bbc1..f9385a70a3c 100644
--- a/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -376,6 +376,8 @@ let
     Include ${httpd}/conf/extra/httpd-multilang-errordoc.conf
     Include ${httpd}/conf/extra/httpd-languages.conf
 
+    TraceEnable off
+
     ${if enableSSL then sslConf else ""}
 
     # Fascist default - deny access to everything.