Trace Back :

Testing if Trace back is enabled :

telnet localhost 80 TRACE / HTTP / 1.0

If you get any response back trace is enabled.

Disabling Trace Back :

vi /etc/httpd/conf/httpd.conf TraceEnable off

or , use an htaccess or rewrite rule :

RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F]

Hide Apache Software Version :

vi /etc/httpd/conf/httpd.conf ServerTokens ProductOnly ServerSignature Off

Disable SSL Protocol V2 :

SSLProtocol all -SSLv2

Check if SSL V2 is supported :

openssl s_client -connect :443 -quiet -ssl2

Disable Weak Ciphers :

SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM