Technical Stuff

Start from basics

VAPT – Disabling HTTP Methods


Hello everyone,

VAPT stands for Vulnerability Assessment and Penetration Testing, and this post covers disabling HTTP methods. VAPT is done for security purposes, to protect a site or application server (e.g. JBoss) from hackers.

I have received many emails asking for a blog on VAPT. So, let's start with how to disable HTTP methods, i.e. disabling TRACE, DELETE, PUT and OPTIONS. The only required HTTP methods are GET and POST.

OPTIONS is not really a vulnerability, but since there is no real use for it, it should ideally be disabled.

The configuration below needs to be added outside the <VirtualHost> block of the Apache configuration.

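<Location />
    # Deny every method except GET and POST (HEAD is allowed along with GET)
    <LimitExcept GET POST>
        # Apache 2.2 access syntax; on 2.4 it needs mod_access_compat
        order deny,allow
        deny from all
    </LimitExcept>
</Location>

# TRACE cannot be restricted by <Limit>/<LimitExcept>; it is disabled separately
TraceEnable off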

Test:

# telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
OPTIONS / HTTP/1.1
Host: 127.0.0.1   ==> hit enter twice
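The same check as the telnet test above, run for every method in one go. This is an added example, not part of the original post; the function names are hypothetical, and it assumes a refused method is answered with 403, 405 or 501.

```python
import http.client
import sys

# Methods the post wants left enabled. HEAD is included because Apache's
# <Limit>/<LimitExcept> treat HEAD together with GET.
ALLOWED = {"GET", "HEAD", "POST"}
PROBED = ["GET", "HEAD", "POST", "OPTIONS", "PUT", "DELETE", "TRACE"]
# Assumption: a refused method is answered with one of these statuses.
BLOCKED_STATUSES = {403, 405, 501}


def probe(host, port, method, path="/", timeout=5):
    """Send one request with the given method and return the HTTP status."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        resp.read()  # drain the body so the socket closes cleanly
        return resp.status
    finally:
        conn.close()


def audit(host, port, path="/"):
    """Return ({method: status}, [methods that should be blocked but are not])."""
    results = {m: probe(host, port, m, path) for m in PROBED}
    exposed = sorted(
        m for m, status in results.items()
        if m not in ALLOWED and status not in BLOCKED_STATUSES
    )
    return results, exposed


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    results, exposed = audit(host, port)
    for method, status in results.items():
        verdict = "EXPOSED" if method in exposed else "ok"
        print(f"{method:8} {status}  {verdict}")
    sys.exit(1 if exposed else 0)
```

Run it against your own server after reloading Apache; a non-zero exit code means at least one of TRACE, DELETE, PUT or OPTIONS is still answered.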

This way, we can disable the HTTP methods, and it's tried and tested!!!

Happy Learning !!!

If you have doubts or queries, you can definitely leave us a comment or mail us at [email protected]

If you have any recommendations for a future blog, you can email us at [email protected]
