Geek Speak: Can I secure Application Level Tracing?

One of my co-workers( Glen Gordon) found a good article, @ https://scottcate.mykb.com/Article_D5C6F.aspx

Bottom line: secure the trace.axd file with an entry in web.config. J

<location path="trace.axd">
        <system.web>
            <authorization>
                <allow users="admin" />
                <deny users="*" />
            </authorization>
        </system.web>
  </location>

Comments

• Anonymous
  February 08, 2005
  I don't think this totally secures the trace page since it can be requested from any sub-folder in the web application, not just from the root. So while http://www/myapp/trace.axd might be secured, http://www/myapp/images/trace.axd won't be.
  
  Does this work on your system?
  Dan
  
• Anonymous
  February 14, 2005
  I did some investigating. You are correct this doesn't work for the sub folders, but you can add a web.config with just that code to prevent access to the trace.axd.