Skip to main content

Disable HTTP METHODS in IIS

More
17 years 6 months ago #21300 by Smurf
Our webserver is reported as allowing the TRACE HTTP METHOD which isn't a recommended setting for a secure environment. Does anyone know how to disable the thing in IIS 6 ? I have found an article on Microsoft's site that points to a registry key however this doesn't seem to work.

Click here for Microsoft link.

Also tried the web.config file, this didn't work.

Thanks in advance.

Wayne

FYI To find out what HTTP METHODS a weberver has, do the following;

1. Telnet to the webserver on Port 80
2. (without the qoutes) type "OPTIONS / HTTP/1.1" press enter
3. (without the qoutes) type "Host: website address" press enter
4. may need to press enter again.

website address = a fully qulified domain name of the website

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.120 seconds