This article describes how to use responder policy to block http trace method when clients access origin web servers behind lb virtual server.

Instructions

1. In GUI, Expand AppExpert, ensure that Responder feature is enabled (without exclamation mark).
2. Go to AppExpert > Responder > Responder Policies, click Add to create a new responder policy.
3. In Action, select REST or DROP. In Expression, using "HTTP.REQ.METHOD.EQ("TRACE")".
4. Navigate to Traffic Management > Load Balancing > Virtual Servers, select the virtual server to which you want to bind the responder policy, and then click Open.
5. Select the Policies tab, which displays a list of all policies configured on your NetScaler, then select the check box next to the name of the responder policy you created, Click OK to complete.