Geek Speak: Can I secure Application Level Tracing?

One of my co-workers( Glen Gordon)  found a good article,  @

Bottom line: secure the trace.axd file with an entry in web.config. J

<location path="trace.axd">
                <allow users="admin" />
                <deny users="*" />

Comments (2)

  1. Dan says:

    I don’t think this totally secures the trace page since it can be requested from any sub-folder in the web application, not just from the root. So while http://www/myapp/trace.axd might be secured, http://www/myapp/images/trace.axd won’t be.

    Does this work on your system?


  2. I did some investigating. You are correct this doesn’t work for the sub folders, but you can add a web.config with just that code to prevent access to the trace.axd.

Skip to main content