Suzaku
Reputation: 21
How to Block Http Methods in ASP.NET
We have a requirement of disabling the HTTP methods besides POST, GET and Head in an ASPNET Core Web application due as a part of security fixes. How can we disable the HTTP OPTIONS method in ASP.Net core API? Allowed 3 methods which are POST,GET and Head. How to block all the others method which I didn't use in middleware like DELETE,TRACE,PATCH and etc. Needs to return Error Code 405 = Method Not Allowed . Currently it throws the error 500 which is Internal Server Error
my code right now .
app.Use(async (context, next) =>
{
if (context.Request.Method=="TRACE")
{
context.Response.StatusCode = 405;
return;
}
await next.Invoke();
});
How to Block Http Methods in ASP.NET
Upvotes: 2
Views: 1011
Answers (1)
Ruikai Feng
Reputation: 11711
You could try as below:
app.MapWhen(x => x.Request.Method == "somemethod",
y => y.Use(async(context,next)=>
{
context.Response.StatusCode = 405;
await context.Response.WriteAsync("Method Not Allowed");
}
));
The Result:
Upvotes: 2
Related Questions
- Disable HTTP Options method in ASP.Net Core 3.1
- How to prevent HttpGet method being called?
- How do I ensure that X-HTTP-Method headers are ignored?
- How to disable TRACE Http Method on ASP.NET MVC
- how to disable http methods via iis
- Return bad request for all calls made over http
- How to block some HTTP methods to specific URL?
- How to deny HTTP methods (or verbs) for path in ASP.NET app
- MVC3 Custom attribute to deny HTTP Verbs
- Disable HTTP verb restrictions in ASP.NET WebAPI applications