VAPT – Disabling HTTP Methods
VAPT stands for Vulnerability Assessment and Penetration Testing; this post covers disabling HTTP methods. VAPT is done for security purposes, to protect a site or application server (i.e. JBoss) from hackers.
I have received many emails asking for a blog post on VAPT. So, let's start with how to disable HTTP methods, i.e. disabling TRACE, DELETE, PUT and OPTIONS. The only required HTTP methods are GET and POST.
OPTIONS is not really a vulnerability, but since there is no real use for it, it should ideally be disabled.
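The configuration below needs to be added outside the <VirtualHost> section of the Apache configuration. <LimitExcept> is only valid in directory context, so it has to sit inside a <Directory> or <Location> section.
<LimitExcept GET POST>
deny from all
</LimitExcept>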
To test, send an OPTIONS request over telnet:
# telnet 127.0.0.1 80
Connected to 127.0.0.1.
Escape character is '^]'.
OPTIONS / HTTP/1.1
Host: 127.0.0.1 ==> hit enter twice
This way, we can disable the HTTP methods, and it's tried and tested !!!
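The telnet check above can be repeated for every method in one run. The script below is an added example, not part of the original post: it sends one request per method and lists any method other than GET and POST that the server did not refuse. The function names and the set of status codes treated as "refused" are assumptions of this example.

```python
"""Probe which HTTP methods a server still accepts (added example)."""
import http.client
import sys

ALLOWED = {"GET", "POST"}   # the only methods the post keeps enabled
# TRACE is probed as well: Apache's <Limit>/<LimitExcept> cannot restrict it,
# it is controlled separately by the TraceEnable directive.
PROBED = ["GET", "POST", "OPTIONS", "PUT", "DELETE", "TRACE"]
# Assumption of this example: these statuses mean "method refused".
REFUSED = {403, 405, 501}


def probe(host, port=80, methods=PROBED, path="/", timeout=5):
    """Send one request per method and return {method: HTTP status}."""
    results = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request(method, path)
            response = conn.getresponse()
            response.read()               # drain the body before closing
            results[method] = response.status
        finally:
            conn.close()
    return results


def violations(results, allowed=ALLOWED):
    """Methods outside the allow-list that the server did not refuse."""
    return sorted(m for m, status in results.items()
                  if m not in allowed and status not in REFUSED)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    results = probe(host, port)
    for method, status in results.items():
        verdict = "allowed" if method in ALLOWED else (
            "refused" if status in REFUSED else "STILL ACCEPTED")
        print(f"{method:8} {status}  {verdict}")
    sys.exit(1 if violations(results) else 0)
```

Run it against your own server with the host and port as arguments; a non-zero exit status means at least one method outside GET and POST was still accepted.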
Happy Learning !!!
If you have doubts or queries, you can definitely comment or mail us at [email protected]
If you have any recommendations for a future blog post, you can email us at [email protected]