- Posts: 1390
- Thank you received: 0
Disable HTTP METHODS in IIS
17 years 6 months ago #21300
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Disable HTTP METHODS in IIS was created by Smurf
Our webserver is reported as allowing the TRACE HTTP METHOD which isn't a recommended setting for a secure environment. Does anyone know how to disable the thing in IIS 6 ? I have found an article on Microsoft's site that points to a registry key however this doesn't seem to work.
Click here for Microsoft link.
Also tried the web.config file, this didn't work.
Thanks in advance.
Wayne
FYI To find out what HTTP METHODS a weberver has, do the following;
1. Telnet to the webserver on Port 80
2. (without the qoutes) type "OPTIONS / HTTP/1.1" press enter
3. (without the qoutes) type "Host: website address" press enter
4. may need to press enter again.
website address = a fully qulified domain name of the website
Cheers
Click here for Microsoft link.
Also tried the web.config file, this didn't work.
Thanks in advance.
Wayne
FYI To find out what HTTP METHODS a weberver has, do the following;
1. Telnet to the webserver on Port 80
2. (without the qoutes) type "OPTIONS / HTTP/1.1" press enter
3. (without the qoutes) type "Host: website address" press enter
4. may need to press enter again.
website address = a fully qulified domain name of the website
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.120 seconds