Make disabling TRACE method usable in a .htaccess file (#169)

Co-authored-by: Léo Colombaro <[email protected]>

Author: Malvoz

src/security/trace_method.conf

@@ -5,18 +5,22 @@
 # Prevent Apache from responding to `TRACE` HTTP request.
 #
 # The TRACE method, while apparently harmless, can be successfully
-# leveraged in some scenarios to steal legitimate users' credentials
+# leveraged in some scenarios to steal legitimate users' credentials.
 #
 # Modern browsers now prevent TRACE requests being made via JavaScript,
 # however, other ways of sending TRACE requests with browsers have been
 # discovered, such as using Java.
 #
-# (!) The `TraceEnable` directive will only work in the main server
-# configuration file, so don't try to enable it in the `.htaccess` file!
+# (!) If you have access to the main server configuration file, use the 
+#     `TraceEnable` directive instead.
 #
 # https://tools.ietf.org/html/rfc7231#section-4.3.8
 # https://www.owasp.org/index.php/Cross_Site_Tracing
 # https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
 # https://httpd.apache.org/docs/current/mod/core.html#traceenable
 
-TraceEnable Off
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+    RewriteCond %{REQUEST_METHOD} ^TRACE [NC]
+    RewriteRule .* - [R=405,L]
+</IfModule>