Disable HTTP OPTIONS method on Apache2.2

Posted on 2014-01-05
Last Modified: 2014-01-09
As web server/site administrators, we will be required to disable certain HTTP methods from the web and app servers we support.  The most common reason to disable these methods is due to some security best practice.

We ran some web assessment tests using third-party tools, and one of the issues pointed out in the tests was the HTTP OPTIONS method.

How do I go about disabling the HTTP OPTIONS method?
Question by:m3mdicl
LVL 24

Accepted Solution

by:
mankowitz earned 500 total points
ID: 39757842
OPTIONS allows a legitimate user (and a bad guy) to know what services are available in your server. WebDAV and CORS use this legitimately, but I can't think of any other applications. Usually, the best thing to do is to disable it completely and only allow the usual web access methods (head, get, put) to go through. You may need to enable more for RESTful interfaces, but usually not. You can do this with mod_rewrite.

In your httpd.conf:

# Return 405 for any request method other than GET, POST or HEAD
RewriteEngine On
RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$
RewriteRule .* - [R=405,L]


Author Comment

by:m3mdicl
ID: 39757845
Is there any other option other than mod_rewrite? My httpd.conf is empty. I am running Apache on Ubuntu... I do have an apache2.conf.
LVL 24

Expert Comment

by:mankowitz
ID: 39757853
According to https://help.ubuntu.com/10.04/serverguide/httpd.html, apache2.conf is the configuration file for Ubuntu. In other installations, the file is called httpd.conf.
LVL 24

Expert Comment

by:mankowitz
ID: 39757859
Here is another solution:

Add this to your configuration file:

<LimitExcept GET POST>
deny from all
</LimitExcept>
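
A check to run against your own server after applying either configuration from the thread, as an added example that is not part of the original posts: it sends GET, HEAD, OPTIONS and TRACE and lists every method outside the GET/POST/HEAD allow-list that was not refused. The function names, the `_Stub` stand-in server and the `demo` helper are constructed for illustration, and the probe assumes plain HTTP.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED = {"GET", "POST", "HEAD"}             # allow-list from the RewriteCond in the thread
PROBES = ["GET", "HEAD", "OPTIONS", "TRACE"]  # bodiless probes only; nothing is written

def probe_methods(host, port=80, path="/", timeout=5):
    """Send each probe over plain HTTP; return {method: (status, Allow header)}."""
    results = {}
    for method in PROBES:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request(method, path)
            resp = conn.getresponse()
            resp.read()
            results[method] = (resp.status, resp.getheader("Allow"))
        finally:
            conn.close()
    return results

def unrefused(results, allowed=ALLOWED):
    """Methods outside the allow-list that did not get a 4xx/5xx status."""
    return sorted(m for m, (status, _) in results.items()
                  if m not in allowed and status < 400)

class _Stub(BaseHTTPRequestHandler):
    """Constructed stand-in server: answers OPTIONS unless locked, then sends 405."""
    locked = False
    def _reply(self, status, allow=None):
        self.send_response(status)
        if allow:
            self.send_header("Allow", allow)
        self.end_headers()
    do_GET = do_HEAD = lambda self: self._reply(200)
    def do_OPTIONS(self):
        allow = None if self.locked else "GET,HEAD,POST,OPTIONS"
        self._reply(405 if self.locked else 200, allow)
    def log_message(self, *args): pass        # keep the demo quiet

def demo(locked):
    """Probe the stub on a free localhost port; return its unrefused methods."""
    srv = HTTPServer(("127.0.0.1", 0), type("H", (_Stub,), {"locked": locked}))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return unrefused(probe_methods("127.0.0.1", srv.server_port))
    finally:
        srv.shutdown()
        srv.server_close()
```

Against a real host, pass its name and port to `probe_methods` and feed the result to `unrefused`; an empty list means OPTIONS and TRACE were both refused (405 from the rewrite rule, 403 from the `<LimitExcept>` block).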