What is Potentially Unsafe HTTP Method Enabled OPTIONS Vulnerability?

OPTIONS is a diagnostic method that is primarily used for debugging. It reports which HTTP methods are permitted on the web server. In practice it is rarely used for legitimate purposes, but it can give a potential attacker some assistance and may serve as a shortcut to finding another weakness.

In IIS, OPTIONS can be disabled by denying the OPTIONS verb in the HTTP Verb Request Filtering rules:

  • Open IIS Manager.
  • Select the name of the machine to configure this globally (or change to the specific web site for which you need to configure this).
  • Double click on “Request Filtering”.
  • Change to the HTTP Verbs tab.
  • From the Actions pane, select “Deny Verb”.
  • Enter ‘OPTIONS’ in the Verb field and press OK to save the change.

Using mod_rewrite is the standard way to disable particular HTTP methods in the Apache web server. mod_rewrite is a rules-based rewriting engine that can be loaded in the usual Apache configuration file or as part of a .htaccess file. A mod_rewrite rule must have at least four components: the directive that loads the module, the directive that turns on the rewrite engine, a rewrite condition, and a rewrite rule.

In Apache Tomcat, methods are restricted with the security constraints defined in the Java Servlet standard. These are not found in Tomcat’s main server.xml file, but rather in the web.xml configuration file.
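
To confirm that the change took effect on any of the servers above, a check like the following sends an OPTIONS request and reports whether the server still answers it or discloses its methods. This is an added example, not code from the original page; the function names and the two local stand-in handlers (one permissive, one hardened) are constructed for illustration so the check can run offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def options_status(host, port, path="/", timeout=5):
    """Send one OPTIONS request; return (enabled, status, allow_header)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        resp.read()
        allow = resp.getheader("Allow")
        # Treat OPTIONS as enabled if the request succeeds, or if any
        # response (even an error) still lists methods in an Allow header.
        enabled = resp.status < 400 or allow is not None
        return enabled, resp.status, allow
    finally:
        conn.close()

class PermissiveHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a server with OPTIONS left enabled."""
    def do_OPTIONS(self):
        self.send_response(200)
        self.send_header("Allow", "GET, POST, OPTIONS, PUT, DELETE")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

class HardenedHandler(PermissiveHandler):
    """Constructed stand-in for a server that denies the OPTIONS verb."""
    def do_OPTIONS(self):
        self.send_error(403)

def demo(handler):
    """Start a throwaway server on 127.0.0.1, check it once, shut it down."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return options_status("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for name, handler in (("permissive", PermissiveHandler), ("hardened", HardenedHandler)):
        print(name, demo(handler))
```

Point `options_status` at your own host and port after changing the IIS, Apache or Tomcat configuration; a first element of `False` means the verb is rejected and no method list is returned.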

The ZOFixer.com security scan helps find this vulnerability in your software and server. You can use it by registering on our website and activating the 30-day trial.
