To disable TRACE/TRACK requests from IIS(Windows 2012 R2), I used the instructions from this tutorial : Verbs <verbs> | Microsoft Docs. I configured to deny OPTIONS, TRACE and TRACK requests.
The IIS server forwards the requests to a JBoss Server.
When I send TRACE and TRACK requests to the IIS server through curl (via curl -v -X TRACE http://myserver/) , I get 404 responses(from my JBoss server). I was expecting a 405 response(Method not implemented).
Also, I get proper responses when I issue GET/POST requests(through the browser app or through curl)
What did I miss ?
