Vainglory07

Reputation: 5273

Disabled Unnecessary HTTP Methods

I'm doing a web-based application, and what I did is disable some of the HTTP methods that are not necessary for the website, specifically: OPTIONS, HEAD and TRACE.

I put this in the httpd.conf of my XAMPP to test if this works:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} !^(GET|POST|PUT)
RewriteRule .* - [R=405,L]

Now my problem is: how would I know if it is really deactivated, or whether this particular setting is working properly? Are there tools that could facilitate this? I'm just new to server-side administration.

Please someone help me.

Upvotes: 0

Views: 2620

Answers (1)

Karthik Rangarajan

Reputation: 1400

You could just use telnet/netcat to verify this. Assuming that you're not using HTTPS, something like below should work perfectly to test:

$ telnet www.google.com 80
Trying 74.125.239.49...
Connected to www.google.com.
Escape character is '^]'.
OPTIONS / HTTP/1.1
Host:

HTTP/1.1 405 Method Not Allowed
Content-Type: text/html; charset=UTF-8
Content-Length: 962
Date: Tue, 17 Dec 2013 20:18:22 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic

Rinse and repeat for any other method that you have disabled, and that will tell you for sure whether the configuration works or not.

Upvotes: 1
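The per-method check from the answer can be scripted. The following is an added example, not code from either poster: it sends each method over plain HTTP and flags any status that disagrees with the question's policy (405 for everything except GET, POST and PUT). The `Stub` server, `start_stub` and the method list are constructed here so the script runs offline; point it at a real host by passing HOST and PORT.

```python
import http.client
import re
import socketserver
import sys
import threading
from http.server import BaseHTTPRequestHandler

METHODS = ["GET", "POST", "PUT", "HEAD", "OPTIONS", "TRACE", "DELETE"]
ALLOWED = {"GET", "POST", "PUT"}  # methods the question's RewriteCond lets through

def probe(host, port=80, path="/"):
    """Send one bodiless request per method; return {method: status code}."""
    results = {}
    for method in METHODS:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request(method, path)
            results[method] = conn.getresponse().status
        finally:
            conn.close()
    return results

def unexpected(results):
    """Methods that break the policy: allowed but 405, or disabled but not 405."""
    return sorted(m for m, code in results.items()
                  if (code == 405) == (m in ALLOWED))

class Stub(BaseHTTPRequestHandler):
    """Constructed local stand-in applying the same condition as the question's rule."""
    def reply(self):
        ok = re.match(r"^(GET|POST|PUT)", self.command)
        self.send_response(200 if ok else 405)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the console quiet
        pass

for _m in METHODS:  # route every probed method to the same handler
    setattr(Stub, "do_" + _m, Stub.reply)

def start_stub():
    """Start the stand-in on a free localhost port and return the server."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":  # usage: script.py [HOST PORT]; no arguments = stand-in
    host, port = ((sys.argv[1], int(sys.argv[2])) if len(sys.argv) > 2
                  else start_stub().server_address)
    res = probe(host, port)
    print(res, "unexpected:", unexpected(res) or "none")
```

An empty `unexpected` list means every disabled method answered 405 and every allowed one did not; an allowed method can still be flagged if the application itself has no handler for it.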
