Security Basics mailing list archives
Disable 80/443 Put / Delete Methods
From: roger.smith () calyonfinancial com
Date: Tue, 28 Sep 2004 09:05:11 -0500
Hi group,

I have a client's vulnerability audit report for a web server that indicates that for ports 80 & 443 the PUT and DELETE methods are enabled on the server. The recommendation is to "disable" these methods "if possible".

What does "disable" truly mean:
a) Enable only when needed?
b) Delete these methods such that they can't ever be used? ... and can that be done?

The webmaster claims there is no other way to maintain the site but also has no rational reason other than IMHO preference. What scenarios would make it impossible to disable these methods?

Thanks,
Roger