I have an App Service on Azure that has four virtual applications and no application in the root directory. I have a need to disable Http TRACE requests for all applications and the root URL (a custom domain).
Right now, if I run nmap -script=http-methods.nse [domain].com, I get "Potentially risky methods: TRACE" as part of the result. I've been unable to disable this via web.config, wether with <verbs>, <requestFiltering>, or <handlers>.
Do you know of any way to disable HTTP Trace across virtual applications on Azure? Thank you!
