Limit Available Methods
An XCCDF Rule
Description
Web server methods are defined in section 9 of RFC 2616 (
http://www.ietf.org/rfc/rfc2616.txt).
If a web server does not require the implementation of all available methods,
they should be disabled.
Note: GET
and POST
are the most common methods. A majority of the others
are limited to the WebDAV protocol.
<Directory /var/www/html> # ... # Only allow specific methods (this command is case-sensitive!) <LimitExcept GET POST> Order allow,deny </LimitExcept> # ... </Directory>
Rationale
Minimizing the number of available methods to the web client reduces risk by limiting the capabilities allowed by the web server.
- ID
- xccdf_org.ssgproject.content_rule_httpd_limit_available_methods
- Severity
- Unknown
- Updated