Tech Support: How to Disable HTTP Method OPTIONS for the web applications in IIS 7.5 and above

ABOUT OPTIONS METHOD

OPTIONS is a diagnostic method which is mainly used for debugging purpose. This HTTP method basically reports which HTTP Methods that are allowed on the web server. In reality, this is rarely used for legitimate purposes, but it does grant a potential attacker a little bit of help and it can be considered a shortcut to find another hole.

How to fix it

OPTIONS method should be disabled.

Way to do it

Methods to disable OPTION method may vary depending upon the type, version of the web server.

Here i am describing IIS Version 7.5 and above.

Open IIS Manager.
Select the name of the machine to configure this globally (or change to the specific web site for which you need to configure this).
Double click on "Request Filtering".
Change to the HTTP Verbs tab.
From the Actions pane, select "Deny Verb".
Insert 'OPTIONS' in the Verb, and press OK to save changes.

Regards

R.Karthikeyan

1 comment:

Stella CarlsonMarch 30, 2020 at 1:02 PM
24*7 Apple Technical Support is leading Apple support website where you get services provider of Apple remote tech support the USA for third party products and services. Contact Apple Support phone number +1-855-516-8225.

Apple Customer Service
Macbook Customer Service
iTunes Customere service
iPad Customer Service

Tech Support

Pages

Thursday, December 13, 2018

How to Disable HTTP Method OPTIONS for the web applications in IIS 7.5 and above

1 comment: